edited to clarify, thanks for pointing it out. It wouldn't be responsible for us to only publish when we got to the same stage for SHA-256, since at that point TLS and other certificates would be considered compromised.