Recently, in #Copr, we hit an issue about SHA1 signatures in #RHEL9 - Pavel wrote it down https://www.redhat.com/en/blog/rhel-security-sha-1-package-signatures-distrusted-rhel-9
If you still sign packages using SHA1, you should read it.
@lig Red Hat does not use SHA1 since RHEL6 (included). But lots of other vendors use it. Still. It needs to be reported to these vendors.
@mirek Good point, thanks! I'll make sure to report it to a vendor next time I experience the issue.
@mirek I've faced this recently. AFAIR it was on Centos Stream 9 with k3s installer. But I'm not sure. I need to check. Or maybe it was Centos Stream 9 container... I'll try to reproduce but cannot promise;)