As some people have been saying for a while now, SHA-1 has reached it's end of life.
Summary of the paper: SHA-1 collisions now 2^52 (pdf) by Cameron McDonald, Philip Hawkes and Josef Pieprzyk, Macquarie University and Qualcomm, Australia.
More details about how Debian and openpgp are moving away from SHA-1.
So if you're still using SHA-1 (or md5!) time to move onto the next one... SHA-2.