
Whatever happened to SHA-256 support in Git?

Posted Jun 23, 2022 17:13 UTC (Thu) by tlater (guest, #116684)
In reply to: Whatever happened to SHA-256 support in Git? by zblaxell
Parent article: Whatever happened to SHA-256 support in Git?

It's a regulation thing: https://csrc.nist.gov/Projects/Hash-Functions/NIST-Policy...

Various industries in the US require that you comply with those standards, and given how many companies at least work with US companies, that means it tears through a lot of the world.

While it's a bit ridiculously broad to state you simply are not allowed to generate sha-1 hashes ever (one of the addendum documents makes this explicit), it does make sense from a policy perspective. Otherwise there's just no incentive to ever change, and some deeply rooted uses of sha-1 will be passed over and eventually found to be problematic.

If git can't adapt, in theory competitors should step up and through all that newfound industrial funding eventually become less of a mess. The policy makes sense, even if it in practice results in some pretty silly trade-offs in the short term.

Of course, companies should just spend the money to get that 10% of the work done, but well, not everybody lives in the open source world, and I imagine a lot of the people who decide where budget goes just understand git as yet another product, not a community project that they have the power to modify. I imagine they also look at the competitors and don't see the problems, especially given they likely migrated to git at some point in the past, so it's just regressing back to the state of 10 years ago, which isn't that long in the kind of industry that cares about regulation like this.



Whatever happened to SHA-256 support in Git?

Posted Jun 24, 2022 5:35 UTC (Fri) by wtarreau (subscriber, #51152)

The rule is not *that* drastic, it says:

"Federal agencies should stop using SHA-1 for generating digital signatures, generating time stamps and for other applications that require collision resistance. Federal agencies may use SHA-1 for the following applications: verifying old digital signatures and time stamps, generating and verifying hash-based message authentication codes (HMACs), key derivation functions (KDFs), and random bit/number generation. Further guidance on the use of SHA-1 is provided in SP 800-131A."

i.e. don't use it if you need security, but its other properties remain useful.

