On 9/5/07, Gregory P. Smith <[EMAIL PROTECTED]> wrote: [Guido] > > Yes, this is a serious issue -- we are totally dependent on openssl > > for computing MD5 checksums. Several modules use MD5 checksums > > casually, and it's not good that these fail when openssl isn't > > available (or if it's too old, like what happened on an ancient Red > > Hat 7.3 system I have at home). I'm tempted to put the old > > RSA-copyrighted md5.c back in as a fallback, even though its license > > is impopular. Or perhaps we could make a copy of a small fraction of > > openssl and use that? I think MD5 is the only one that's popular > > enough to warrant this treatment; I think SHA1 is a distant second. > > Every OS I use has openssl installed so i figured someone else had made the > same decision and removed the non-openssl variants. Are there really > non-linux/bsd/osx installations out there where anyone intends to build and > install python that do -not- have openssl installed somewhere? That'd be > sad but in that case we shouldn't abandon them. Modifying setup.py to find > it installed in a different place should be easy if thats all it takes. > > Rather than resurrecting the old RSA-copyright md5.c I can easily make new > ones out of the libtomcrypt md5 and sha1 sources the same way i created the > non-openssl sha256 and sha512 modules. > > We should not limit ourselves to only md5 if we do that, lets guarantee that > md5, sha1 - sha512 are available on all future python installs; its not > difficult. I'll do the work if we need it.
I'd appreciate that -- openssl is a fickle dependency. -- --Guido van Rossum (home page: http://www.python.org/~guido/) _______________________________________________ Python-3000 mailing list [email protected] http://mail.python.org/mailman/listinfo/python-3000 Unsubscribe: http://mail.python.org/mailman/options/python-3000/archive%40mail-archive.com
