The issue is that if these files are distributed elsewhere by 3. parties, it is trivial for those 3. parties change and compromise the files, but still make the files produce the same MD5 sum.
If you think a preimage attack against MD5 is "trivial" you should demonstrate it. People would be very interested in this because no one has managed to do it yet.
Creating two files with the same MD5 is a very different beast from creating a file with the same MD5 as an arbitrary pre-existing file. These third parties would need to have colluded with the DragonFly developers to make what you're proposing possible.
Creating two files with the same MD5 is a very different beast from creating a file with the same MD5 as an arbitrary pre-existing file. These third parties would need to have colluded with the DragonFly developers to make what you're proposing possible.