In line 555 and 690 in crypto.c, there are the following FIXME's:
/* ### FIXME: This should be a SHA-256. */
SVN_ERR(svn_checksum(&stuff_sum, svn_checksum_sha1, stuff_vector,
stuff_len, scratch_pool));
The problem appears to be that there is no sha-256 implementation in
the apr_util crypto library, the one sha-256 algorithm there is,
resides in /apr/random/unix/sha2.c and looks like an internal
implementation which is not meant for public consumption.
Should there be a new label, which ensures that issues that are
dependent on outside agents are checked periodically to see if they
now can be resolved? Say: WAITING: <last date checked, reason>
so in this case, the comment would be:
/* ### WAITING 2013-Jan:
Convert to sha-256 once apr_util supplies this. */
