On Thu, Aug 23, 2018 at 03:47:07AM +0000, brian m. carlson wrote: > I expect that's going to be the case as well. I have patches that > wire up actual SHA-256 support in my hash-impl branch. > > However, having said that, I'm happy to defer to whatever everyone else > thinks is best for 2.19. The assert solution would be fine with me in > this situation, and if we need to pull it out in the future, that's okay > with me. > > I don't really have a strong opinion on this either way, so if someone > else does, please say so. I have somewhat more limited availability > over the next couple days, as I'm travelling on business, but I'm happy > to review a patch (and it seems like Peff has one minus the actual > commit message).
I just posted the patch elsewhere in the thread. I think you can safely ignore the rest of it if you are otherwise occupied. Even if v2.19 ships without some mitigation, I don't know that it's all that big a deal, given the numbers I generated (which for some reason are less dramatic than Stolee's). -Peff
