[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#682401: dbmmanage: please use Digest::SHA instead of Digest::SHA1


On 22.07.2012 22:22, Stefan Fritsch wrote:
> AFAICS, dbmmanage has not seen a single code commit upstream since the 
> C variant, htdbm, has been introduced in 2001. Maybe we should get rid 
> of dbmmanage in the 2.4 packages. But unbreaking it for wheezy by 
> using Digest::SHA instead of Digest::SHA1 is still a good idea. 

Wouldn't it make sense to get rid of it upstream as well then? As for me
I'm fine to leave it around in 2.2 and patch it as Ansgar suggested, but
I'd be less careful about the upstream applicability then.

I'll make a patch for 2.2/2.4 tomorrow and get in touch with the release
team afterwards.

> And I wouldn't change dependencies for squeeze unless some user 
> actually complains. And even then, a suggests may be more appropriate 
> in the case of Digest::SHA1, because the sha1 password hashing variant 
> supported in apache is very insecure (no salt).

Fine with me.

with kind regards,
Arno Töll
IRC: daemonkeeper on Freenode/OFTC
GnuPG Key-ID: 0x9D80F36D

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: