I'm currently using MD5 (I know!) for the ssb-patchwork integrity check on Arch Linux, but if you post the digest of the tarball I can switch over to SHA512 to make it super easy. Alternative, I remember that there was an issue about PGP signing releases, so that's an option too.