In principle it is good to provide a cryptographically secure hash, as this allows users to sign their repositories by signing a single file, which seems like it's potentially quite a useful feature.
Can you be more specific about this -- who can "sign" a repository? How is such a signature checked? What guarantee can you rely on if the check passes? As far as I know, it is impossible to use a hash value in darcs to securely denote a specific patch, because darcs patches do not have a canonical form. In fact, last time I checked the patch *contents* didn't even go into the input to SHA-1, just the patch metadata (timestamp, author, patch description). I don't think SHA-1 is necessarily a bad choice if you need a secure hash function (although I would like a better argument than "Linus chose it."), but I don't understand why we need a secure hash function. (If you need a secure hash function, Tiger is probably stronger than, and is 150% as fast as, SHA-1.) Regards, Zooko