During early 2015 Homebrew started the process of deprecating SHA1 for package integrity verification. Since then every formulae under the Homebrew organisation has been moved onto SHA256 verification; this includes both source packages and our precompiled packages (bottles).
We also stopped supporting MD5 entirely. It was removed from core formulae in 2012 but until April 2015 if you tried to install a formula still using an MD5 checksum Homebrew wouldn't actively stop you.
On SHA1 we added a brew audit check that flags SHA1 checksums as deprecated
and requests that you use SHA256.
We saw positive ecosystem engagement on moving from MD5 & SHA1 to the recommended SHA256 and thanks to that we're in a strong position to move forwards.
From March 20th 2016 we've stepped up the visibility of that notification & you'll start seeing deprecation warnings when installing SHA1-validated formula. If you see these please consider reporting it to where the formula originated.
We're targeting the end of September 2016 for SHA1 support removal, 19 months after we started warning people to move away from it for verification. This will be enforced in the same way MD5 is today, by blocking the installation of that individual formula until the checksum is migrated.
This means prior to that date custom taps, local custom formulae, etc need to be migrated to use SHA256.