From a pure git perspective, the attacker(s) will have a very hard time rewriting any commit history, as changing a commit's SHA1 hash will trigger a cascading effect on the hashes of all child commits on down the DAG from the one that they change.
Anyone with an existing clone of the repos would immediately know the repo has been corrupted when doing a pull (although fresh clones wouldn't be as lucky of course).
Anyone with an existing clone of the repos would immediately know the repo has been corrupted when doing a pull (although fresh clones wouldn't be as lucky of course).