SHA-1 is completely dead. And I noticed legacy GPG signed my PGP key with SHA-1.
Improving GPG Configuration
$ vim ~/.gnupg/gpg.conf
# use SHA-512 when signing a key
cert-digest-algo SHA512
# override recipient key cipher preferences
# remove 3DES and prefer AES256
personal-cipher-preferences AES256 AES192 AES CAST5
# override recipient key digest preferences
# remove SHA-1 and prefer SHA-512
personal-digest-preferences SHA512 SHA384 SHA256 SHA224
# remove SHA-1 and 3DES from cipher preferences of newly created key
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
# reject SHA-1 signature
weak-digest SHA1
# never allow use 3DES
disable-cipher-algo 3DES
# use AES256 when symmetric encryption
s2k-cipher-algo AES256
# use SHA-512 when symmetric encryption
s2k-digest-algo SHA-512
# mangle password many times as possible when symmetric encryption
s2k-count 65011712
# both short and long key IDs are insecure
keyid-format none
# use full fingerprint instead
with-subkey-fingerprint