Agreed, matching the dlist timestamp makes sense.
Here’s another idea for an enhancement: Include the date each file was last verified against the hash in the uploaded verification file (to go with Repository validation & contents UI module). That way the verification status/history of the repository can also rebuilt using the data in the repository if the database is lost. This would save a lot of time re-verifying files if the DB is lost.