[josephsweeney]

Mainly because SHA1 was convenient, but also Git uses SHA1. See this Linus rant:

https://marc.info/?l=git&m=148787047422954

Most of that argument applies, but if it ever becomes a problem, we should be able to move to something like SHA256 fairly easily.

[iovoid]

git creators refuse to migrate because they selected sha1 in the start and because of backwards compatibility its harder to just change it. Also git is a situation where its harder to get a maintainer to push your binary blob. In a database, its more probable that a user includes malicious data. The hash used is not so easy to change, unless you are willing to make the change not backwards-compatible (break existing DBs)

[josephsweeney]

You're definitely correct. This project is still in its early stages so no one is really using it yet, so its easy in the sense that I just have to change the hashing algorithm. No need to worry about backwards compatibility.