World changing

> However, the world has changed quite a bit since Git was first released in 2005; it was designed for a different era. When Git was released, SHA-1 was considered to be a secure hash function; that has changed, he said, with the SHAttered attack that was announced in 2017 by Centrum Wiskunde & Informatica (CWI) and Google.

This is something where I would be instinctively a bit less charitable. I remember watching this at the time. (Now, I am aware that humans routinely "remember" things that never happened, so I take this memory with a grain of salt, and so should you.)

The thing is: It was *well understood* by 2007 that cryptographic algorithms do not last forever. I am sure there were people who sounded the warning of "you cannot rely on SHA-1 lasting forever". I also feel certain there are, for each who did, ten people who didn't because the relevant people were perceived as extremely hostile towards "security alarmism".

It may well be that there was no better choice available, you had to rely on some primitive, and SHA-1 was the correct choice. But that discussion, and the discussion of what to do when *inevitably* SHA-1 starts to crack, never happened because of attitudes.