On Wed, Oct 24, 2007 at 12:14:04PM -0400, Bernardo Innocenti wrote: > Please, let's not add an external dependency for something > as trivial as a SHA1. The positives to adding an external dependancy are you only have to worry about bugs in one implementation. I also note: > >We need a strong hash function as this replaces the previous weak hash + > >memcmp when checking incoming glyphs for matches with the existing set > >of server-resident glyphs. One could argue that this must be > >cryptographically secure to avoid applications uploading misleading > >glyph images. Which presumably means they'll not be using SHA1 much longer - right ? -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
