Hi! On Thu, 2023-07-20 at 16:58:32 +0200, Adam Majer wrote: > This seems to be related to > https://lists.debian.org/debian-dpkg/2023/06/msg00059.html > which I've found after I've created this patch already. The motivation > is not to use openssl instead of libmd, but to have the option to use it > in addition to.
The same reasoning from my replies applies here. In addition it seems the low-level hashing functions are deprecated for public consumption. > For openSUSE, we have dpkg in Ring0 rebuild set. It means, this set of > packages is rebuild quite often and is always consistent. Adding > additional dependencies, even small ones like libmd, increases the load > that is placed on our infrastructure. Hmm, I mean I don't know how openSUSE infra works and all, but it feels weird that a tiny dependency would incur such additional load. In Debian for example it's a plus that the build image is as minimal as possible so that no accidental build dependencies go unnoticed. > So the purpose here is to add support for OpenSSL while keeping libmd as > the primary source of the hashing function. Given that AFIUI the higher level OpenSSL functions might decide to refuse to provide such implementations depending on the build-time or run-time configuration and configured policies of the library, it does not look like something I'd like to support TBH. > For the record, I do agree with the initial rationale of replacing the > in-tree implementation with libmd. I think it libmd would be so problematic to the point of wanting to be avoided, I'd rather re-embed the digest function code. :/ Thanks, Guillem
