Torbrowser 6.5a3 packages now signed with sha1, not sha512
$ gpg -v torbrowser-install-6.0.5_en-US.exe.asc
gpg: assuming signed data in `torbrowser-install-6.0.5_en-US.exe'
gpg: Signature made Fri 16 Sep 2016 07:53:01 AM EDT
gpg: using RSA key 2E1AC68ED40814E0
gpg: using subkey 2E1AC68ED40814E0 instead of primary key 4E2C6E8793298290
gpg: using PGP trust model
gpg: Good signature from "Tor Browser Developers (signing key) <torbrowser@torproject.org>"
gpg: binary signature, digest algorithm SHA512
compared to
$ gpg -v torbrowser-install-6.5a3_en-US.exe.asc
gpg: armor header: Version: GnuPG v1
gpg: assuming signed data in `torbrowser-install-6.5a3_en-US.exe'
gpg: Signature made Tue 20 Sep 2016 11:10:10 AM EDT
gpg: using RSA key D1483FA6C3C07136
gpg: using subkey D1483FA6C3C07136 instead of primary key 4E2C6E8793298290
gpg: using PGP trust model
gpg: Good signature from "Tor Browser Developers (signing key) <torbrowser@torproject.org>"
gpg: binary signature, digest algorithm SHA1
What made us switch to SHA1 for the latest alpha build? Is this some bug in our release process?