What's the cost to switching to something other than MD5 here, though?
Just the general risk of change (sometimes referred to as "bricking"). The changes on the generating side have already been implemented. Maybe we should include a dummy package entry at the beginning of the package list, with unpredictable contents. This should be sufficient with the current level of cryptanalysis (like most folks, we are relatively unprotected against second preimage attacks because we still need to support MD5-only private repositories and OpenPGP V3 signing keys). It does not solve the problem that MD5 is an outcast these days, no matter how it is used.
I agree that users not checking download links is likely more probablistic. But as checking the sums is already entirely a manual process, what's the trouble with switching to sha256 now abd stating this in the DSA mails?
There are some folks who use scripts to parse the messages. But as I said, we are far more likely to drop .deb hashes altogether, probably as lenny is released.
I have to admit that hearing that Debian's going to continue moving forward with md5 until an unspecified somewhen date in the future is a bit disappointing.
Yes, I'd like to zap a magic wand and make all those MD5-only APT installations go away, but it isn't that easy.