I'm looking at CouchDB source code and I have several questions: 1) Why MD5 is used instead of more secure hashes. It's very real to imagine a situation where a malicious user can cause hash collision and cause problems in replication.
2) ID is not completely deterministic - it depends on compression_level and compressible_types settings for attachments. Would it make sense to use MD5 of the original uncompressed document? And while you're at it, it probably makes sense to include file size in Atts2 tuple.
