Should we settle on one SSL implementation?
Alan Cox
alan at redhat.com
Wed Oct 24 17:09:13 UTC 2007
On Wed, Oct 24, 2007 at 12:14:04PM -0400, Bernardo Innocenti wrote:
> Please, let's not add an external dependency for something
> as trivial as a SHA1.
The positives to adding an external dependancy are you only have
to worry about bugs in one implementation.
I also note:
> >We need a strong hash function as this replaces the previous weak hash +
> >memcmp when checking incoming glyphs for matches with the existing set
> >of server-resident glyphs. One could argue that this must be
> >cryptographically secure to avoid applications uploading misleading
> >glyph images.
Which presumably means they'll not be using SHA1 much longer - right ?
More information about the fedora-devel-list
mailing list