On Wed, Oct 24, 2007 at 02:32:59PM -0400, Bernardo Innocenti wrote: > On 10/24/07 13:09, Alan Cox wrote: > >On Wed, Oct 24, 2007 at 12:14:04PM -0400, Bernardo Innocenti wrote: > >>Please, let's not add an external dependency for something > >>as trivial as a SHA1. > > > >The positives to adding an external dependancy are you only have > >to worry about bugs in one implementation. > > That's right, in general. > > But in this specific case, we're talking about adding a bulky > library and all of its dependencies to Python just to save 25 > lines of duplicated code. Well, the point isn't saving 25 lines of code, the point is also having something that is certified to do SHA1 correctly. The 25 line version isn't, even though it very likely is just as good... Now, having NSS depend on something small & tiny & certified for sha1 (even if it's nss-hashes inside the same tarball that could be split up with rpm) that other stuff could use as well might be useful. No idea what chance of that happening ever there is... -- Pekka Pietikainen -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
