Joey Smith wrote:
I've managed to add the sha1 algorithm as implemented in the OpenSSL
library to my dbmail, along with the '{sha1:}' and '{sha1}' password
prefixes in dbmail-adduser for mode "a". (I don't have SHA support in
mode "c" as of yet). I /was/ going to try to make it all clean and
nice and offer it as a full patch set, but I've been having problems
finding my way through the generation of the top-level Makefile, so I
decided to see if:
1) Anyone else is even interested in this
I think this is a Good Thing. I've personally wanted MD5 as a password
option because I don't trust crypt (DES), but SHA1 will do just fine by
me. If you introduce it, I'll use it.
The only question for me is exports; if you are in the US like me, it
might be illegal to submit the patch to IC&S, them being in NL, due to
our lovely military munitions export controls. I don't know whether SHA
is export-safe or not. If not, you might just have to have the patch
file on your website forever with a Big Fat Disclaimer forbidding
"far-ners" from downloading it.
3) It's worth doing in the 1.x tree at this point, or whether I should
be doing this work in 2.0?
Why not both? Unless 2.0 is drastically different, it might not be much
extra work. My hosting company will be on 1.2 until bugfixes,
attractive new features (such as this), or an end-of-life prompt me to
go to 2.0.
Also, if you're still feeling generous when you figure out the mystery
of the configure script, please clue me in.
--
Will Berry
Co-founder, Second Brain website hosting
http://www.secondbrainhosting.com/