No, I wanted just the first message to reach both, because I am subscribed to both lists. Interested people can search archives of the other list. I expected those lists have very likely disjoint members not able to write to both. Feel free to remove epel-devel from further responses here to avoid receiving errors (and vice versa). On 4/14/22 00:49, Mark Andrews wrote: I am not sure what is the platform you are describing. RHEL 9 won't be able to verify RSASHA1 signature even in default policy, let alone in FIPS mode. Yes, I find it also disturbing that there is no good public API to check SHA-1 availability except attempting a real crypto operation. I hope that will improve later, but I don't know well working candidate API at the moment. -- Petr Menšík Software Engineer Red Hat, http://www.redhat.com/ email: pemensik(a)redhat.com PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB