Re: Add openssl for hashing, as an option
Hi!
On Thu, 2023-07-20 at 16:58:32 +0200, Adam Majer wrote:
> This seems to be related to
> https://lists.debian.org/debian-dpkg/2023/06/msg00059.html
> which I've found after I've created this patch already. The motivation
> is not to use openssl instead of libmd, but to have the option to use it
> in addition to.
The same reasoning from my replies applies here. In addition it seems
the low-level hashing functions are deprecated for public consumption.
> For openSUSE, we have dpkg in Ring0 rebuild set. It means, this set of
> packages is rebuild quite often and is always consistent. Adding
> additional dependencies, even small ones like libmd, increases the load
> that is placed on our infrastructure.
Hmm, I mean I don't know how openSUSE infra works and all, but it feels
weird that a tiny dependency would incur such additional load. In
Debian for example it's a plus that the build image is as minimal as
possible so that no accidental build dependencies go unnoticed.
> So the purpose here is to add support for OpenSSL while keeping libmd as
> the primary source of the hashing function.
Given that AFIUI the higher level OpenSSL functions might decide to
refuse to provide such implementations depending on the build-time or
run-time configuration and configured policies of the library, it does
not look like something I'd like to support TBH.
> For the record, I do agree with the initial rationale of replacing the
> in-tree implementation with libmd.
I think it libmd would be so problematic to the point of wanting to be
avoided, I'd rather re-embed the digest function code. :/
Thanks,
Guillem
Reply to: