Linus on Git and SHA-1

Linus Torvalds has posted a lengthy explanation of why the recently
created SHA-1 collision is not an emergency for Git users. "In the pdf
examples, the pdf format acted as the 'black box', and what you see is the
printout which has only a very indirect relationship to the pdf encoding.
But if you use git for source control like in the kernel, the stuff you
really care about is source code, which is very much a transparent
medium. If somebody inserts random odd generated crud in the middle of your
source code, you will absolutely notice." That said, he notes that
there is work in progress to move away from SHA-1.

[It seems that Subversion users have an additional set of concerns; see this bug report
conversation for the scary story.]