SHA-1 has just been broken a bit more: http://www.heise-security.co.uk/news/77244
CAcert is aggressively moving to SHA-2 as we speak.
Microsoft will support SHA-2 only in Windows Vista according to our sources.
Debian Stable, FreeBSD and OSX don´t provide SHA-2 in their current versions.
SuSE, Knoppix, FC5, Ubuntu, Mandriva, … all support SHA-2 already.
Read more details about SHA-2 support of various applications and distributions on http://wiki.cacert.org/wiki/HashInterop
Please contact your vendor to tell them that you need SHA-2 support!
Debian Stable includes gpg/libgcrypt which support SHA256. E.g., gpg –print-md sha256.