I'm not a git developer, but I remember from linus's google tech talk that it would be pretty trivial, and you can already use your favorite hashes. I don't know anything about repo compatibility. But this wont break git, your source files will still have the same likely hood of producing a collision as they always have, nil. This just means that git could possibly be subject to attack, and that gpg signing sha1 hashes may not be 100% the best method of saying the following code is trusted. But I seriously doubt any sort of injection would compile.

EDIT: Thinking about it, you could have a commented area somewhere where you put in garbage characters to try to generate a collision, not unlike producing two word documents that read slightly different (different clauses in a contract for example) but have a ton of random metadata that causes the collision. But this isn't an attack on SHA1 just on hashes in general.