Hi, the bacula upstream sources contain the SHA1 implementation from the RFC. For the Debian packages, we delete the files sha1.* and repackage the source (for the complete history, see bug #658326).
Using codesearch, I found that other packages use the implementation by Steve Reid and submitted a patch to upstream which I based on the version found in libsolve. Now upstream asks the following questions (in https://sourceforge.net/p/bacula/mailman/message/36085638/): > 1. What is wrong with the current SHA1 code/license? For me the > license is very much like a BSD license and I don't see a problem with > it on the license stand point. AFAIR the problem is that the RFC is not to be modified, and the code came as part of the RFC, so falls under the same restriction, right? The files in question can be reviewed here: http://www.bacula.org/git/cgit.cgi/bacula/tree/bacula/src/lib/sha1.c http://www.bacula.org/git/cgit.cgi/bacula/tree/bacula/src/lib/sha1.h > 2. Are you be 100% sure that the code written by Steve Reid did not > include any copyrighted material? Any idea how I can be sure? > 3. I would like to see a comparison of the speed of the current code > in Bacula vs the new proposed SHA1. > 4. I would like to see a comparison of the output of the two routines > to ensure that they are identical. Is someone aware of anyone that has already done so? Thanks for any input. Regards, Carsten
