
Patches in Linux are reviewed by multiple people before merging. Even if you create a collision and submit a patch, you cannot really do much without write access to the repo. It is even more difficult because the person merging the patch will not fast-forward in most cases.

This attack still does not allow for inserting arbitrary data in arbitrary places to make an attack on Linux possible. Finally, SHA1 in git also takes size into consideration and makes this attack even more expensive[2].

People should really chill out. There are cheaper attack vectors than collisions.

[2] https://public-inbox.org/git/CA+55aFxJGDpJXqpcoPnwvzcn_fB-za...
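An added example, not part of either comment: how git binds an object's type and byte length into the hashed data, and the consistency check a verifier can run on a loose object. The helper names and the sample content are constructed for illustration.

```python
import hashlib
import zlib

GIT_TYPES = ("blob", "tree", "commit", "tag")


def git_object_id(obj_type: str, content: bytes) -> str:
    """Object id as git computes it: sha1(b"<type> <size>\\0" + content)."""
    header = f"{obj_type} {len(content)}".encode("ascii") + b"\0"
    return hashlib.sha1(header + content).hexdigest()


def encode_loose(obj_type: str, content: bytes) -> bytes:
    """Loose-object encoding: zlib-compressed header plus content."""
    header = f"{obj_type} {len(content)}".encode("ascii") + b"\0"
    return zlib.compress(header + content)


def verify_loose(raw: bytes, expected_id: str) -> tuple:
    """Check header syntax, declared size and id. Returns (ok, reason)."""
    try:
        data = zlib.decompress(raw)
    except zlib.error:
        return False, "not zlib data"
    header, sep, content = data.partition(b"\0")
    if not sep:
        return False, "missing header terminator"
    try:
        obj_type, size_text = header.decode("ascii").split(" ")
    except (UnicodeDecodeError, ValueError):
        return False, "malformed header"
    if obj_type not in GIT_TYPES or not size_text.isdigit():
        return False, "malformed header"
    if int(size_text) != len(content):
        # The declared length is part of the hashed bytes and must match.
        return False, "size mismatch"
    if hashlib.sha1(data).hexdigest() != expected_id:
        return False, "id mismatch"
    return True, "ok"


if __name__ == "__main__":
    sample = b"hello world\n"  # constructed sample content
    oid = git_object_id("blob", sample)
    print("git blob id :", oid)
    print("plain sha1  :", hashlib.sha1(sample).hexdigest())
    print("verify      :", verify_loose(encode_loose("blob", sample), oid))
```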



Notice that the attack I described does not require actually merging in the patch, it only requires that news stories be written about how there might be such a vulnerability.



