> One problem with git is that it's mutable, and real problems have arisen (some quite recently) because of that.

What are you referring to?

As far as I know, nothing about git is mutable in the hash-chain sense? If I sign the last commit to a Git repository, I can be assured that both the current state and history cannot be modified without invalidating my signature, no?

Of course one can rewrite history, but that will always change all hashes from the point history was modified onwards. The difference with blockchain is that the signature changes from "bri3d said this commit matched the current state of his history" to a distributed system that says "more than 50% of miners agree that this commit was the current state of history at the point this block was mined."

Are there other implementation issues with Git I'm not familiar with? The common practice of truncating a SHA to make a 'short commit' is of course highly vulnerable to all sorts of nonsense, but that's obvious any time a SHA is truncated.

The hash chain in Git itself is effectively immutable, but the names on top of it, like branches and tags, can't be trusted, and that's what we're basing releases on. Obviously the point of a branch is that it will change, but expectations around tags don't meet reality, and there currently isn't really a way to state those expectations other than tossing out tags entirely. It seems an immutable ledger could help in this case to detect tag changes, and that's where people start throwing around blockchain as an answer, but there probably is something simpler and less entangled with the crypto subculture...