
SHA1 is not used for security in Git, the session layer (SSH, HTTPS) is. Edit: The broken repo was caused by SVN and not Git.


> SHA1 is not used for security in Git

       -S[<keyid>], --gpg-sign[=<keyid>]
           GPG-sign commits. The keyid argument is optional and defaults to the committer identity; if specified, it must be stuck to the option without a space.
Yes it is.


Yup. But signatures rely on the hash pre-image resistance. Not on the collision resistance of the hash.


I don't know much cryptography. Wouldn't an attack require you to forge a commit object which is a good-looking patch, along with a valid signature (signed from someone you trust), which has the same identity (SHA1 hash)?


The attack is not as difficult as that. If you can create a valid git object which collides with another git object, signatures for the previous object tree (which is identified by SHA-1 hash) will be valid for the new object tree (which has the same hash).

So a collision in a blob that represents a file (or any other internal git object) will result in your old signature still being valid for the new file that corresponds to the git collision.


No need to forge the signature. The signature will still verify since your forged object has the same hash as the genuine one.


Fair enough, clearly I was mistaken.
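The chain the replies above describe, as an added example that is not part of the thread or of Git's own code: it builds blob, tree and commit bytes the way Git names objects and shows that the bytes covered by `-S` contain only the tree's SHA-1, never the file content. The identity, file name and commit message are constructed, and the tree serializer handles plain files only.

```python
import hashlib

def git_object_id(obj_type: str, body: bytes) -> bytes:
    """SHA-1 over '<type> <len>\\0<body>', which is how Git names every object."""
    header = f"{obj_type} {len(body)}".encode() + b"\x00"
    return hashlib.sha1(header + body).digest()

def tree_body(entries):
    """Serialize (mode, name, raw 20-byte id) entries; plain files only, sorted by name."""
    return b"".join(
        mode.encode() + b" " + name.encode() + b"\x00" + oid
        for mode, name, oid in sorted(entries, key=lambda e: e[1])
    )

def signed_payload(tree_id: bytes, message: str) -> bytes:
    """Bytes a commit signature covers: the commit object without its gpgsig header."""
    ident = "Example Dev <dev@example.invalid> 1700000000 +0000"  # constructed identity
    return (
        f"tree {tree_id.hex()}\n"
        f"author {ident}\ncommitter {ident}\n\n{message}\n"
    ).encode()

def payload_for(file_content: bytes) -> bytes:
    """File content reaches the signed bytes only through two SHA-1 hops."""
    blob_id = git_object_id("blob", file_content)
    tree_id = git_object_id("tree", tree_body([("100644", "install.sh", blob_id)]))
    return signed_payload(tree_id, "Add installer")

if __name__ == "__main__":
    original = payload_for(b"echo safe\n")   # constructed file content
    changed = payload_for(b"echo other\n")   # constructed file content
    print(original.decode())
    # Without a collision, any change to the file changes the tree id,
    # so the signed bytes differ and the old signature fails to verify.
    print("payload changed:", original != changed)
    # The file bytes themselves are never signed. Two contents that hashed
    # to the same blob id would produce byte-identical signed payloads.
    print("content in signed bytes:", b"echo safe" in original)
```

Because `payload_for` is a pure function of the blob id, the signature's guarantee about file content is exactly as strong as SHA-1's collision resistance for objects in the tree.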



