The only attacks that can happen are if someone gives you a wrong hash; which means we need to secure the hash distribution, but there's no need to secure the content distribution. Unless you want an encrypted distribution, but that's a whole another topic.

That's not really the point. With SHA1/MD5 etc you may only ensure integrity against random non-malicious errors. But think of a malicious attacker targeting existential forgery using chosen message attack where she may change both the message and the hash.

Don't think I'm missing your idea to secure only the hash distribution, but you simply delay the same problem one step ahead. So you decouple the hashes [h{1}, h{2}, ... h{n}] from the contents (or messages) they are derived from. [m{1}, m{2}.. m{n}) and you think you may ensure the secure distribution of the hashes without their "messages". Now in recursion your new "content" are now those hashes which require their own confidentiality and integrity check which may better be done using an authenticated encryption with mac. Ultimately an attacker may simply forge hashes and provide contents for them.

Think of 10K of linux distro files with hashes being the target of a malicious government who wants to install modified versions of those files. Only SHAx etc won't help you to achieve "integrity". At some point you need secure hashes or macs (which are hashes secured with keys).

Which is not encryption, but signing :)

I totally agree with that though. And of course there's a BEP for that (http://www.bittorrent.org/beps/bep_0035.html).

The SHA-2 family (namely SHA-224, SHA-256, SHA-384, SHA-512) are good candidates, and probably SHA-3 too. Let's stop recommending and start phasing out SHA-1 (and definitely never use SHA-0); nobody's demonstrated a collision yet, but it could well be coming. SHA-1 has been deprecated by NIST since 2010; new applications shouldn't use it.