http://mediawiki.localhost/index.php?title=Special:OAuthConsumerRegistration/propose/oauth1a displays mwoauth-consumer-rsakey-help saying
"Enter a public key to use the RSA-SHA1 signature method. Leave empty to use HMAC-SHA1 with a random secret. If you are not sure which, leave it empty."`
In my understanding of https://en.wikipedia.org/wiki/SHA-1 this is something to explicitly discourage.
The string should express that RSA-SHA1 is insecure, and that HMAC-SHA1 is recommended.