On 02/23/2017 07:31 PM, Warren Young wrote: > All of this is not to say that Git doesn’t have a problem. They do. > It’s just that the problem in question doesn’t affect the integrity of > git.centos.org, as far as I can see. Thanks for the good answer, Warren. Since last posting on this, I've been watching traffic on NANOG about it, and then Linus weighed in on the issue at https://plus.google.com/+LinusTorvalds/posts/7tp2gYWQugL which, in a nutshell, says: 1.) The sky isn't falling even though there is an actual issue with this; 2.) There are a couple of patches mitigating the primary modes of this attack; 3.)GIT will be upgrading to another hash, and that upgrade won't break existing repos. So even in Linus' words it's not a ridiculous conversation, but it's not super urgent, either. Which is the kind of statement I was after, and the type of information I was looking for.