There's embedded copies of sha1, sha256, sha512 in the upstream package: https://github.com/libimobiledevice/libimobiledevice- glue/tree/master/src
I haven't yet looked at our version of the package. The libimobiledevice library is licensed LGPL; the libtomcrypt code has been placed in the public domain. I'm sure our certifications team would much prefer if this could be switched to use OpenSSL instead so that we can rely upon an already- certified cryptography implementation. What would it look like to switch this package to relying upon some already-certified cryptography? (Upstream may or may not want to link against OpenSSL, not everyone is prepared to treat it as a "system library". They may also not wish to use the OpenSSL APIs, not everyone is prepared to like those.) Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2074086 Title: MIR libimobiledevice-glue To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libimobiledevice-glue/+bug/2074086/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
