sage-bootstrap (checksums.ini): Use stronger cryptographic hashes #37691

@mkoeppe

Currently we use

sha1=fa2ae4db119f639a01b02f99f1ba671ece2828eb
md5=0d270c997aff29708c74d53f599ef717
cksum=1153713708

all of which do not provide sufficient protection against collision attacks.
Concurring with the suggestion in https://groups.google.com/g/sage-devel/c/ckJuCIdStVU/m/ONTDxjGnAQAJ, we should switch to sha256.

  • Add methods for sha256, parallel to existing methods for sha1
  • Update method checksum_verifies and emit warning if a package only has a sha1 hash, not a sha256 hash
  • Remove methods for md5, cksum (already marked as outdated in the code)
  • Update checksums.ini files

Files to edit:

  • build/sage_bootstrap/package.py
  • build/sage_bootstrap/tarball.py
  • build/test/test_package_cmdline.py
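
An added example (not part of the issue and not sage-bootstrap's own code) of the verification policy the task list describes: prefer sha256, fall back to sha1 with a warning, and ignore md5 and cksum. The names `parse_checksums_ini`, `verify_tarball`, `make_ini` and `SAMPLE_DATA` are hypothetical, and the sample data is constructed.

```python
import hashlib
import warnings

# Constructed sample input; stands in for a downloaded upstream tarball.
SAMPLE_DATA = b"constructed sample tarball bytes"

def make_ini(data, algos):
    """Build constructed checksums.ini-style text for the given algorithms."""
    lines = ["tarball=demo-1.0.tar.gz"]
    lines += ["%s=%s" % (a, hashlib.new(a, data).hexdigest()) for a in algos]
    return "\n".join(lines) + "\n"

def parse_checksums_ini(text):
    """Parse key=value lines into a dict, skipping blanks and comments."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        fields[key.strip()] = value.strip()
    return fields

def verify_tarball(data, fields):
    """Check data against the strongest recorded digest.

    Returns the name of the algorithm that verified. Raises ValueError on a
    mismatch, or when neither sha256 nor sha1 is recorded (md5 and cksum
    entries are deliberately not accepted).
    """
    for algo in ("sha256", "sha1"):
        expected = fields.get(algo)
        if expected is None:
            continue
        actual = hashlib.new(algo, data).hexdigest()
        if actual != expected.lower():
            raise ValueError("%s mismatch: expected %s, got %s"
                             % (algo, expected, actual))
        if algo == "sha1":
            # Legacy entry: still verified, but flagged for an update.
            warnings.warn("only a sha1 digest is recorded; add sha256")
        return algo
    raise ValueError("no sha256 or sha1 digest recorded")
```
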
