@bhaugen the only attacker who can do that is the original creator of the colliding commit, when they originally created it.

A sha1 preimage attrack would be necessary for any stronger attack.

And tags add no security unless gpg signed.

No idea what you mean with the message ids and dags and stuff.