I think besides entering faked dates there was also another track about unauthorized uploading of SSH public keys. That sounded much more dangerous in the github case then setting a nonsense date. Is that technically the same vulnerability (maybe just faking a new comitter value and uploading afterwards through "legal" channels?) or a different issue?
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds