
Bug#682401: dbmmanage: please use Digest::SHA instead of Digest::SHA1



Hi,

On 22.07.2012 22:22, Stefan Fritsch wrote:
> AFAICS, dbmmanage has not seen a single code commit upstream since the 
> C variant, htdbm, has been introduced in 2001. Maybe we should get rid 
> of dbmmanage in the 2.4 packages. But unbreaking it for wheezy by 
> using Digest::SHA instead of Digest::SHA1 is still a good idea. 

Wouldn't it make sense to get rid of it upstream as well then? As for me
I'm fine to leave it around in 2.2 and patch it as Ansgar suggested, but
I'd be less careful about the upstream applicability then.

I'll make a patch for 2.2/2.4 tomorrow and get in touch with the release
team afterwards.

> And I wouldn't change dependencies for squeeze unless some user 
> actually complains. And even then, a suggests may be more appropriate 
> in the case of Digest::SHA1, because the sha1 password hashing variant 
> supported in apache is very insecure (no salt).
> 

Fine with me.

-- 
with kind regards,
Arno Töll
IRC: daemonkeeper on Freenode/OFTC
GnuPG Key-ID: 0x9D80F36D
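
The point quoted above, that Apache's SHA-1 password variant uses no salt, shown as an added example that is not part of the original message or of dbmmanage: a Python audit that flags `{SHA}` entries in htpasswd-style lines and groups users whose stored hashes are identical. The function names and the sample entries are assumptions constructed for illustration.

```python
import base64
import hashlib
from collections import defaultdict

# Hash-field prefixes written by Apache's htpasswd/htdbm tools.
PREFIXES = (("{SHA}", "sha1-unsalted"), ("$apr1$", "apr1-md5"), ("$2y$", "bcrypt"))


def apache_sha(password):
    """Apache's {SHA} scheme: base64 of the raw SHA-1 digest, with no salt."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")


def scheme(hash_field):
    """Classify a stored hash by its prefix; crypt() and plaintext are 'other'."""
    return next((name for p, name in PREFIXES if hash_field.startswith(p)), "other")


def audit(lines):
    """Return (users with unsalted {SHA} hashes, groups of users sharing a hash)."""
    by_hash = defaultdict(list)
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, rest = line.split(":", 1)
        hash_field = rest.split(":", 1)[0]  # tolerate trailing group/comment fields
        if scheme(hash_field) == "sha1-unsalted":
            by_hash[hash_field].append(user)
    weak = sorted(u for users in by_hash.values() for u in users)
    # Without a salt, equal passwords give byte-identical fields.
    shared = sorted(sorted(us) for us in by_hash.values() if len(us) > 1)
    return weak, shared


# Constructed sample entries: user names, passwords and the apr1 value are made up.
SAMPLE = [
    "alice:" + apache_sha("correct horse"),
    "bob:" + apache_sha("correct horse"),
    "carol:" + apache_sha("another one"),
    "dave:$apr1$constrct$PLACEHOLDERPLACEHOLDER00",
]

if __name__ == "__main__":
    weak, shared = audit(SAMPLE)
    print("unsalted {SHA} entries:", weak)
    print("users sharing a password:", shared)
```

Entries it reports are candidates for re-hashing with a salted scheme at the user's next password change.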
