by jlgaddis 2991 days ago
While the likelihood of a collision (whether "accidental" or malicious) is probably still relatively low even with MD5, what reasonable, compelling reason is there to still be using MD5 -- especially when much stronger hash algorithms such as SHA256 and SHA512 are available?

Generate both SHA256 and SHA512 hashes or maybe SHA512 and some other "unrelated" algorithm (if you want to really play it safe), dump them into a checksums.txt (or whatever) file, then PGP/GPG sign that file (with a widely distributed and certified/signed public key, of course) and you can effectively eliminate any chances of a collision whatsoever.

It seems that the benefits of switching would greatly outweigh the costs associated with doing so (unless this would require some major code changes to your processes/pipelines/etc.).
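The procedure this comment describes (every artifact hashed with both SHA256 and SHA512 into one checksums.txt, then a detached PGP signature over that file, with the downloader checking the signature before trusting the digests), written out as an added shell example. It is not code from the thread or from any project it refers to; it assumes GNU coreutils `sha256sum`/`sha512sum` and GnuPG, and the directory layout, file names and key identity are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumes GNU coreutils
# sha256sum/sha512sum and gpg; paths, file names and the key id are
# hypothetical placeholders.

# release_files: print the regular files in the current directory, one per
# line, excluding the checksum file and its signature.
release_files() {
    for f in *; do
        [ -f "$f" ] || continue
        case $f in checksums.txt|checksums.txt.*) continue ;; esac
        printf '%s\n' "$f"
    done
}

# make_checksums DIR: write DIR/checksums.txt holding a SHA256 line and a
# SHA512 line for every artifact. Hashing runs inside DIR so the recorded
# names are relative, which is what "sha256sum -c" expects on the other end.
make_checksums() {
    dir=$1
    (
        cd "$dir" || exit 1
        release_files | while IFS= read -r f; do sha256sum -- "$f"; done
        release_files | while IFS= read -r f; do sha512sum -- "$f"; done
    ) > "$dir/checksums.txt"
}

# verify_checksums DIR: re-check every recorded digest with the matching
# tool. Each tool only accepts its own digest length, so the mixed file is
# split by hex length first. --strict makes malformed lines a failure and an
# empty selection fails too, so a truncated checksums.txt cannot pass.
verify_checksums() {
    dir=$1
    (
        cd "$dir" || exit 1
        grep -E '^[0-9a-f]{64} ' checksums.txt | sha256sum -c --quiet --strict - &&
        grep -E '^[0-9a-f]{128} ' checksums.txt | sha512sum -c --quiet --strict -
    )
}

# sign_checksums DIR KEYID: publisher side. Produce an ASCII-armored detached
# signature checksums.txt.asc with the given (hypothetical) key. Returns 77
# when gpg is not installed so a caller can tell "skipped" from "failed".
sign_checksums() {
    dir=$1
    key=$2
    command -v gpg >/dev/null 2>&1 || return 77
    gpg --batch --yes --armor --local-user "$key" \
        --output "$dir/checksums.txt.asc" --detach-sign "$dir/checksums.txt"
}

# verify_release DIR: downloader side. The signature is mandatory and is
# checked first; only a checksums.txt that verifies against an already
# trusted key gets to say what the artifacts' digests should be.
verify_release() {
    dir=$1
    [ -f "$dir/checksums.txt.asc" ] || return 1
    gpg --batch --verify "$dir/checksums.txt.asc" "$dir/checksums.txt" || return 1
    verify_checksums "$dir"
}

# demo_release: build a constructed release directory with two fake
# artifacts, hash and verify them, then show the resulting checksum file.
demo_release() {
    tmp=$(mktemp -d) || return 1
    printf 'binary one\n' > "$tmp/tool-1.0.tar.gz"   # constructed sample data
    printf 'binary two\n' > "$tmp/tool-1.0.zip"      # constructed sample data
    make_checksums "$tmp" && verify_checksums "$tmp" || return 1
    cat "$tmp/checksums.txt"
    # Signing needs a key in the local keyring; release@example.invalid is a
    # placeholder, so this step is expected to fail unless you substitute one.
    sign_checksums "$tmp" 'release@example.invalid' || echo "signing skipped/failed: $?"
    rm -rf "$tmp"
}

if [ "${1-}" = demo ]; then
    demo_release
fi
```

Run it as `sh checksums.sh demo` to see the generated file. The split by digest length is what lets one checksums.txt carry both algorithms while still using the stock `-c` verifiers; `verify_release` deliberately refuses a release with no signature, since unsigned digests only detect corruption and say nothing about who published the files.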