Re: Once someone can generate a collision to a hashing algorithm it's time to start retiring it.
But what can you do with your collision in this instance?
If you have access to the server where the git repository is stored, you can replace one of the files with your own file (not just any old file, your specially crafted file with the same hash) and it won't grumble and people pulling the relevant version will get your file, thinking that it's the original committed by whoever it was who did the previous commit.
Is that a worry? Not really. Even if you can generate collisions easily, you still need write access to the repository. Very rare for you to have that access to a git project worth hacking. Sure, it would be better if the vulnerability didn't exist, which is why it will eventually get updated to a new algorithm, but I can see why it's not high priority.
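The check described in the comment above, sketched as an added example (not part of the original post and not git's own code): a blob's object ID is the SHA-1 of a `blob <size>\0` header plus the content, so a server-side copy can be re-hashed against its name. The out-of-band SHA-256 pin is an assumption of this example, and the sample contents are constructed.

```python
import hashlib
import zlib

def git_blob_id(content: bytes) -> str:
    """Object ID git gives a blob: SHA-1 over 'blob <size>\\0' + content."""
    return hashlib.sha1(b"blob %d\0" % len(content) + content).hexdigest()

def make_loose(content: bytes) -> bytes:
    """Build the zlib-compressed form of a loose blob (used for the samples)."""
    return zlib.compress(b"blob %d\0" % len(content) + content)

def read_loose_object(compressed: bytes):
    """Inflate a loose object and split the header from the body."""
    raw = zlib.decompress(compressed)
    header, _, body = raw.partition(b"\0")
    kind, _, size = header.partition(b" ")
    if int(size) != len(body):
        raise ValueError("size in header does not match body length")
    return kind.decode(), body

def verify_blob(expected_id: str, compressed: bytes, pinned_sha256=None):
    """Return the list of integrity problems found (empty list means clean).

    expected_id   -- the SHA-1 object ID the file is stored under
    pinned_sha256 -- hypothetical digest of the content recorded somewhere
                     the repository server cannot write to
    """
    problems = []
    kind, body = read_loose_object(compressed)
    if kind != "blob":
        problems.append("not a blob")
    if git_blob_id(body) != expected_id:
        problems.append("sha1 mismatch")
    if pinned_sha256 and hashlib.sha256(body).hexdigest() != pinned_sha256:
        problems.append("sha256 mismatch")
    return problems

# Constructed sample data.
ORIGINAL = b"hello\n"
TAMPERED = b"hullo\n"
ORIGINAL_ID = git_blob_id(ORIGINAL)
ORIGINAL_PIN = hashlib.sha256(ORIGINAL).hexdigest()

if __name__ == "__main__":
    print(verify_blob(ORIGINAL_ID, make_loose(ORIGINAL), ORIGINAL_PIN))
    # Ordinary substitution: the SHA-1 re-hash alone catches it.
    print(verify_blob(ORIGINAL_ID, make_loose(TAMPERED), ORIGINAL_PIN))
    # Stand-in for a colliding file: pretend the SHA-1 check passes by using
    # the tampered content's own ID; only the independent pin still objects.
    print(verify_blob(git_blob_id(TAMPERED), make_loose(TAMPERED), ORIGINAL_PIN))
```

The last call only simulates the collision case by making the SHA-1 comparison succeed; no colliding input is produced.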