Do we need to do anything about old content?
If we have, say, a legal contract that was timestamped and signed with SHA-1, will it be possible in the future to produce a different contract with the same (past) timestamp? If so, is it possible to defend against these attacks now by counter-signing them today with SHA-256? (I'm thinking that the counter-signature would prove that someone in 2017, whilst the SHA-1 signature was still worth something, vouched for the original contents and *that* counter-signature won't be similarly vulnerable for ... well, a few more years yet?)
Biting the hand that feeds IT
