> I would like to ask
As far as I can tell, you're making demands, not asking anything.
Maybe instead of sending around sternly-worded broad-based form letters, you could make an effort to try to understand the projects you're sending them to first and tailor the message accordingly?
Oh, and out of personal interest, would you mind linking us to the copy of this same form letter that your organization has presumably sent to the Git project? I *really* want to see the resulting firestorm from dropping this little bomblet on 'em.
> To avoid your package from breaking due to SHA-1 being disabled...
This is what I'm getting at when I say you haven't done your homework before sending this message off.
Are you sitting down? If not, please do, because you need to let this command's output bake your noodle for a time before you reply:
$ sudo dnf remove sqlite-libs
Error:
Problem: The operation would result in removing the following protected packages: dnf
With the understanding resulting from this demonstration of the direction the dependency arrow actually points, would you perhaps reconsider coming across all strong-arm on this matter?
— Signed, a CentOS user who's taken a shot to the jewels from y'all once already this year and doesn't want another, thanks.
P.S. I support your desire to remove SHA-1 everywhere possible, but Red Hat needs to realize it's dependent on the FOSS software community to provide a large chunk of the software it makes those billions off. How about you dial that arrogance back a bit, 'kay?