Given the recent publication of the [[ https://shattered.it/ | "SHAttered" SHA-1 collision proof ]] by people at Google and the Centrum voor Wiskunde en Informatica in Amsterdam, wouldn't it be legitimate to provide safer checksums than the ones currently provided (MD5 and SHA-1) ? Granted, they've been historically used for that purpose, but now that **//both//** can be collided with legit-looking payloads with the same hash as any given payload, it would probably be best to either provide a third checksum or get rid of these old checksum hashing algos entirely and switch to a third.
If anything, we could use algorithms in the SHA-2 family, like sha256 or sha512 (for which `sha256sum` and `sha512sum` packages are available since ubuntu 12.04 « Precise Pangolin ») ; or in the SHA-3 family (for which a unique `sha3sum` package is available since Ubuntu 15.10 « Wily Werewolf », using a command line parameter to choose the exact algorithm and size of the resulting hash). Or even both.
Considering we've abandonned sha1 for our SSL/TLS certificates, (as we should have of course), it would make sense to, if not abandon them outright, at least provide safer alternatives for the checksums of dumps we provide.