diff --git a/doc/devblog/day_449__SHA1_break_day.mdwn b/doc/devblog/day_449__SHA1_break_day.mdwn
index 0342582f3b..df140be2f8 100644
--- a/doc/devblog/day_449__SHA1_break_day.mdwn
+++ b/doc/devblog/day_449__SHA1_break_day.mdwn
@@ -2,7 +2,8 @@
 produced by an identical-prefix collision attack.
 
 After looking into it all day, it does not appear to impact git's security
-immediately. But we're well past the time when it seemed ok that git
+immediately, except for targeted attacks against specific projects by
+very wealthy attackers. But we're well past the time when it seemed ok that git
 uses SHA1. If this gets improved into a chosen-prefix collision
 attack, git will start to be rather insecure.