diff --git a/.github/workflows/pythonpackage.yml b/.github/workflows/pythonpackage.yml
index 907698d..c5d7e2b 100644
--- a/.github/workflows/pythonpackage.yml
+++ b/.github/workflows/pythonpackage.yml
@@ -5,6 +5,9 @@ name: Python package
 
 on: [push, pull_request, workflow_dispatch]
 
+permissions:
+  contents: read
+
 jobs:
   build:
 
@@ -12,7 +15,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        python-version: ["3.8", "3.9", "3.10", "3.11", "3.12", "3.13"]
+        python-version: ["3.8", "3.9", "3.10", "3.11", "3.12", "3.13", "3.13t"]
         os: [ubuntu-latest]
         experimental: [false]
         include:
diff --git a/Makefile b/Makefile
index a0a2d0e..20436bb 100644
--- a/Makefile
+++ b/Makefile
@@ -1,40 +1,12 @@
-PYTHON = python3
-SETUP = $(PYTHON) setup.py
-TESTFLAGS =
+.PHONY: all clean release force_release
 
-all::
+all:
 	@grep -Ee '^[a-z].*:' Makefile | cut -d: -f1 | grep -vF all
 
-release:: clean
-	# Check if latest tag is the current head we're releasing
-	echo "Latest tag = $$(git tag | sort -nr | head -n1)"
-	echo "HEAD SHA       = $$(git rev-parse head)"
-	echo "Latest tag SHA = $$(git tag | sort -nr | head -n1 | xargs git rev-parse)"
-	@test "$$(git rev-parse head)" = "$$(git tag | sort -nr | head -n1 | xargs git rev-parse)"
-	make force_release
+clean:
+	rm -rf build/ dist/ .eggs/ .tox/
 
-force_release:: clean
-	git push --tags
-	python3 -m build --sdist --wheel
+force_release: clean
+	./build-release.sh
 	twine upload dist/*
-
-doc:: 
-	make -C doc/ html
-
-build::
-	$(SETUP) build
-	$(SETUP) build_ext -i
-
-build_ext::
-	$(SETUP) build_ext -i
-	
-install::
-	$(SETUP) install
-
-clean::
-	$(SETUP) clean --all
-	rm -f *.so
-
-coverage:: build
-	PYTHONPATH=. $(PYTHON) -m pytest --cov=gitdb gitdb
-
+	git push --tags origin master
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..95389ff
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,3 @@
+# Security Policy
+
+See [GitPython](https://github.com/gitpython-developers/GitPython/blob/main/SECURITY.md). Vulnerabilities found in `gitdb` can be reported there.
diff --git a/build-release.sh b/build-release.sh
new file mode 100755
index 0000000..5840e44
--- /dev/null
+++ b/build-release.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+#
+# This script builds a release. If run in a venv, it auto-installs its tools.
+# You may want to run "make release" instead of running this script directly.
+
+set -eEu
+
+function release_with() {
+    $1 -m build --sdist --wheel
+}
+
+if test -n "${VIRTUAL_ENV:-}"; then
+    deps=(build twine)  # Install twine along with build, as we need it later.
+    echo "Virtual environment detected. Adding packages: ${deps[*]}"
+    pip install --quiet --upgrade "${deps[@]}"
+    echo 'Starting the build.'
+    release_with python
+else
+    function suggest_venv() {
+        venv_cmd='python -m venv env && source env/bin/activate'
+        printf "HELP: To avoid this error, use a virtual-env with '%s' instead.\n" "$venv_cmd"
+    }
+    trap suggest_venv ERR  # This keeps the original exit (error) code.
+    echo 'Starting the build.'
+    release_with python3 # Outside a venv, use python3.
+fi
diff --git a/gitdb/db/loose.py b/gitdb/db/loose.py
index 03d387e..e6765cd 100644
--- a/gitdb/db/loose.py
+++ b/gitdb/db/loose.py
@@ -230,16 +230,16 @@ def store(self, istream):
             # end rename only if needed
 
             # Ensure rename is actually done and file is stable
-            # Retry up to 14 times - exponential wait & retry in ms.
+            # Retry up to 14 times - quadratic wait & retry in ms.
             # The total maximum wait time is 1000ms, which should be vastly enough for the
             # OS to return and commit the file to disk.
-            for exp_backoff_ms in [1, 4, 9, 16, 25, 36, 49, 64, 81, 100, 121, 144, 169, 181]:
+            for backoff_ms in [1, 4, 9, 16, 25, 36, 49, 64, 81, 100, 121, 144, 169, 181]:
                 with suppress(PermissionError):
                     # make sure its readable for all ! It started out as rw-- tmp file
                     # but needs to be rwrr
                     chmod(obj_path, self.new_objects_mode)
                     break
-                time.sleep(exp_backoff_ms / 1000.0)
+                time.sleep(backoff_ms / 1000.0)
             else:
                 raise PermissionError(
                     "Impossible to apply `chmod` to file {}".format(obj_path)
diff --git a/gitdb/ext/smmap b/gitdb/ext/smmap
index f31bfa3..c6b53d3 160000
--- a/gitdb/ext/smmap
+++ b/gitdb/ext/smmap
@@ -1 +1 @@
-Subproject commit f31bfa378c8840d38d31e7e11ef2b84f191a491e
+Subproject commit c6b53d35deb82a38d5d07ca7712c1334a7a10c10