By default, or (if performance is poor) upon request from CI, do a RevWalk of the whole repository looking for clashes in commit hash prefix and rev count. If any clash is found, fail the build.
This would block attempts to spoof a legitimate commit.
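The check proposed above, modeled in Python over a constructed commit graph as an added example; it is not the project's code and does not use JGit's RevWalk. It assumes that "rev count" means the number of commits reachable from a commit (itself included) and that the hash prefix is 12 hex characters. All function names and sample commit ids are hypothetical.

```python
from collections import defaultdict

def rev_count(commit, parents):
    """Commits reachable from `commit`, itself included (assumed definition)."""
    seen, stack = set(), [commit]
    while stack:
        c = stack.pop()
        if c not in seen:
            seen.add(c)
            stack.extend(parents.get(c, ()))
    return len(seen)

def find_clashes(parents, prefix_len=12):
    """Return {(rev_count, prefix): [ids]} for every key shared by >1 commit.

    `parents` maps each full commit id to the list of its parent ids, so the
    loop visits every commit in the repository, not only the ancestors of HEAD.
    prefix_len=12 is an assumption, not a value taken from the issue.
    """
    by_key = defaultdict(list)
    for commit in parents:
        key = (rev_count(commit, parents), commit[:prefix_len])
        by_key[key].append(commit)
    return {k: sorted(v) for k, v in by_key.items() if len(v) > 1}

def sample_repo():
    """Constructed history: root <- a <- legit, and root <- b <- spoof."""
    root, a, b = "1" * 40, "2" * 40, "3" * 40
    legit = "abcdef012345" + "0" * 28
    spoof = "abcdef012345" + "f" * 28  # same 12-char prefix, different commit
    graph = {root: [], a: [root], b: [root], legit: [a], spoof: [b]}
    return graph, legit, spoof

if __name__ == "__main__":
    import sys
    graph, _, _ = sample_repo()
    clashes = find_clashes(graph)
    for (count, prefix), ids in clashes.items():
        print(f"clash: rev count {count}, prefix {prefix}: {', '.join(ids)}")
    sys.exit(1 if clashes else 0)  # non-zero exit status fails the build
```

Recomputing the rev count per commit is quadratic in history size, which is the kind of cost the "if performance is poor" fallback in the description anticipates.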
|Status||Open [ 1 ]||In Progress [ 3 ]|
|Remote Link||This issue links to "Discussion (Web Link)" [ 20454 ]|
|Status||In Progress [ 3 ]||Resolved [ 5 ]|
|Resolution||Fixed [ 1 ]|