[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Should we settle on one SSL implementation?

From: Alan Cox <alan redhat com>
To: Development discussions related to Fedora <fedora-devel-list redhat com>
Cc: Jesse Keating <jkeating redhat com>
Subject: Re: Should we settle on one SSL implementation?
Date: Wed, 24 Oct 2007 13:09:13 -0400

On Wed, Oct 24, 2007 at 12:14:04PM -0400, Bernardo Innocenti wrote:
> Please, let's not add an external dependency for something
> as trivial as a SHA1.

The positives to adding an external dependancy are you only have
to worry about bugs in one implementation.

I also note:

> >We need a strong hash function as this replaces the previous weak hash +
> >memcmp when checking incoming glyphs for matches with the existing set
> >of server-resident glyphs. One could argue that this must be
> >cryptographically secure to avoid applications uploading misleading
> >glyph images.

Which presumably means they'll not be using SHA1 much longer - right ?

Follow-Ups:
- Re: Should we settle on one SSL implementation?
  - From: Bernardo Innocenti

References:
- Should we settle on one SSL implementation?
  - From: Bernardo Innocenti
- Re: Should we settle on one SSL implementation?
  - From: Thomas M Steenholdt
- Re: Should we settle on one SSL implementation?
  - From: Steve Grubb
- Re: Should we settle on one SSL implementation?
  - From: John Dennis
- Re: Should we settle on one SSL implementation?
  - From: Rex Dieter
- Re: Should we settle on one SSL implementation?
  - From: seth vidal
- Re: Should we settle on one SSL implementation?
  - From: Jesse Keating
- Re: Should we settle on one SSL implementation?
  - From: Tomas Mraz
- Re: Should we settle on one SSL implementation?
  - From: Jesse Keating
- Re: Should we settle on one SSL implementation?
  - From: Bernardo Innocenti

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]