> What is currently still not feasible is to create a custom git repository whose HEAD matches that of the Linux kernel.
Hang on, that doesn't matter though, does it?
I was under the impression that git's SHAs were to be treated as repo-wise unique; not universally. There must non-adversarial 'collisions' across repositories already, surely?
I thought this attack potentially allows creating two commits in the same repo with the same hash - although it may only be possible for these to be root commits.
I don't think there's ever been an example of two different pieces of content hashing to the same SHA-1 before. An infinite number of such examples obviously must exist but they're incredibly improbably to encounter by accident.
Hang on, that doesn't matter though, does it?
I was under the impression that git's SHAs were to be treated as repo-wise unique; not universally. There must non-adversarial 'collisions' across repositories already, surely?
I thought this attack potentially allows creating two commits in the same repo with the same hash - although it may only be possible for these to be root commits.