Package: apt Version: 0.6.46.4 Severity: wishlist Collisions for md5 and sha1 were found allready, so it's likely, that in the nearer future one of them alone won't be safe enough. Since it is harder to find collisions for two checksums than for one, apt should use both of them at the same time for verifying packages.