tag 879459 wontfix On Sat, Oct 21, 2017 at 1:33 PM, Anders Kaseorg <ande...@mit.edu> wrote:
> Git’s builtin SHA-1 implementation has the advantage of trying to detect > attempted collisions (https://github.com/cr-marcstevens/ > sha1collisiondetection), which seems like good thing to do by default > these days. > > Furthermore, Debian does not ship GPL code linked with OpenSSL for license > reasons (https://lintian.debian.org/tags/possible-gpl-code-linked- > with-openssl.html). > > the cryptograms parts of openssl are under BSD-3 (although 6aa36e8e5a0 was confused and didn't notive this) > Anders >