Moving Git past SHA-1

Re-writing history would invalidate existing signed commits and require force-pushing, which can be disabled for some repos/heads. Some people enable signing for every commit to prove authorship and regularly (automatically) validate existing signatures in the history. Above is a suggestion to have parallel double-hashed history, which would be better, though I think you'd definitely want the first new-style-only commit (enabling the second hash) to be signed from a trusted maintainer: https://lwn.net/Articles/715844/.

Ultimately I wouldn't worry about it as there isn't yet a simple solution and the developers have now raised the priority of this work, so they'll think through the various options to come up with a compromise that is both implementable and reasonable.