zooko
The basic choice is: (a) use an insecure function and simply state that anyone with whom you (transitively) exchange patches has the opportunity to subvert your repository, or (b) use a secure hash function, i.e. SHA-256 or Tiger.
And anyway, if your goal is security 'till 2015, SHA1 seems to be secure enough(TM) for all practical purposes (that is, without using par on a beowolf cluster on all ps3's in the world), as the speed^H^H^H^H^Hcomplexity of a single CPU core won't obey Moore's law anymore, for physical reasons. OTOH, when quantum computing arrives, you're fucked, anyway. Excessive paranoia in general doesn't pay off if the to protected data is publicly accessible in any way whatsoever. THEY would be much more cost-effective if THEY'd go for physically hacking your system instead of paying N million € for hardware to crack your codes. In the end, I guess THEY finance quantum computing research, but I'm going vastly OT here... -- (c) this sig last receiving data processing entity. Inspect headers for past copyright information. All rights reserved. Unauthorised copying, hiring, renting, public performance and/or broadcasting of this signature prohibited.