Git’s builtin SHA-1 implementation has the advantage of trying to detect 
attempted collisions 
(https://github.com/cr-marcstevens/sha1collisiondetection), which seems like 
good thing to do by default these days.

Furthermore, Debian does not ship GPL code linked with OpenSSL for license 
reasons 
(https://lintian.debian.org/tags/possible-gpl-code-linked-with-openssl.html).

Anders

Reply via email to