Hello, I would like to ask about the implementation and usage of SHA-1 algorithm. Currently in RHEL-9, usage or implementation of SHA-1 will be deprecated. Is there a way to disable usage of the SHA-1 implementations? More info about the official analysis about the context here: The use of SHA-1 in RHEL9 is deprecated. This package has been found to implement and/or use SHA-1. If possible, please attempt to resolve this issue before the RHEL-9 beta deadline. See below for details. The use of SHA-1 is no longer permitted for Digital Signatures or authentication. There are a few exceptions to this rule, such as for some legacy protocols. These restrictions are enforced by the system wide crypto policies in RHEL-9, provided the core set of validated crypto libraries such as openssl, nss or gnutls, are used. To avoid your package from breaking due to SHA-1 being disabled via the System Wide Crypto Policies, please ensure that the use of SHA-1 is disabled where-ever possible. If this is not possible, please explain why this is the case. - If SHA-1 is used for Digital Signatures or authentication, where possible replace it with SHA-2. If this is not possible, please contact the rhel-crypto team. - If SHA-1 is used for signatures, ensure to only use it for signature validation. Prevent the code from generating new SHA-1 based signatures. - If SHA-1 is part of any default configuration list of hashing methods, please remove it from the default configuration list. Add SHA-2 if there would otherwise be no defaults left. - If SHA-1 is used for any other purpose, such as generating unique object IDs, switch to SHA-2 when possible. If this is not possible, attempt to limit the creation of further SHA-1 based identifiers and only use SHA-1 to consume existing object identifiers. This will make it easier to remove SHA-1 in the future. - If this package implements DNSSEC validation code, please ensure that a failure of SHA-1 results in "insecure DNS answers" and does not fail using ServFail. - If this package requires SHA-1 for Digital Signature verification, please create a documentation file (eg README-SHA1.md) with documentation to assist the rhel-crypto team in future reviews. For example, a mail program that wants to be able to validate emails sent 10 years would need to be able to keep using SHA-1 - If your package uses a protocol that dictates the use of SHA-1 for Signature validation or authentication, and there is no standarized alternative, please contact the rhel-crypto team for an exception. - Note that all of these recommendations for SHA-1 also apply to MD5. Feel free to apply the SHA-1 rules to any MD5 implementation or usage that is implemented or used as well. Package specific details: - Contains THREE(!) SHA-1 implementation, in mksourceid to checksum files, dbhash for database checksums, Thanks for your advice!