I think if the result is that we are actually using a weaker hashing due to this change compared to SHA1, then there is no point in making the change. If I understand correctly, anything under 10 isn’t considered secure at all today. (I couldn’t find a comparison of what cost gives similar security to SHA1)
If the result is that to get stronger hashing we need to make all api calls take an extra 100ms+ I would be be against this - scripts such as ansible inventory can make thousands of calls to the API, so this will add multiple minutes to the runtime.
