SHA1 collisions make Git vulnerable to attacks – http://www.metzdowd.com/pipermail/cryptography/2017-February/031623.html