If I create a sha256 repository using git init --object-format=sha256, I get the error fatal: protocol error: unexpected capabilities^{} when trying to push.

Rationale: the use case requires the repo to be tamper-proof. Using sha256 is easier than explaining the difference between a collision and a pre-image attack.