I noted that some derivatives have introduced SHA512 into their
Release files (and probably Packages/etc). I was wondering if it is
time to drop or deprecate MD5 from the apt metadata and replace it
with SHA512 and or SHA-3. Thoughts?
SHA512 doesn't bring any advantage over SHA256.
SHA-3 hasn't been standardized yet by NIST as Secure Hash Standard
and doesn't bring any advantages over SHA-2 (yet).
So, yeah let's drop MD5, but don't introduce neither SHA512 nor SHA-3
unless there's a cryptographical need (there isn't at the moment).