Should we settle on one SSL implementation?

Alan Cox alan at redhat.com
Wed Oct 24 17:09:13 UTC 2007


On Wed, Oct 24, 2007 at 12:14:04PM -0400, Bernardo Innocenti wrote:
> Please, let's not add an external dependency for something
> as trivial as a SHA1.

The positives to adding an external dependancy are you only have
to worry about bugs in one implementation.

I also note:

> >We need a strong hash function as this replaces the previous weak hash +
> >memcmp when checking incoming glyphs for matches with the existing set
> >of server-resident glyphs. One could argue that this must be
> >cryptographically secure to avoid applications uploading misleading
> >glyph images.

Which presumably means they'll not be using SHA1 much longer - right ?




More information about the fedora-devel-list mailing list