Sounds reasonable to me.
> -----Ursprüngliche Nachricht-----
> Von: William A Rowe Jr [mailto:wr...@rowe-clan.net]
> Gesendet: Montag, 23. Oktober 2017 20:37
> An: httpd <email@example.com>
> Betreff: Simplify download distribution directory by dropping sha1
> HTTPD team,
> Since our downloads are to be authenticated by their .asc PGP
> signatures, and the hashes simply serve as checksums, is it reasonable
> to offer only MD5 and SHA256 at this point?
> Anyone without SHA256 (rare, I'd expect) can use MD5 as the simplest
> supported checksum. All others should apply the strongest hash