On Thu, Jun 07, 2001 at 01:09:28AM +0200, Sander Striker wrote: > This will mean introducing a dependency on openssl > for applications, (and until md5 is replaced by something > that provides randomness, apr too).
That's the problem. I think introducing OpenSSL is going to be a big nightmare for httpd (and I'll bet we get tons of -1s on the httpd side for this). Whatever httpd needs should probably be in apr-util (sha and md5) - everything else can use OpenSSL. I'd like to hear feedback from others. I already stated my position earlier this week. -- justin
