On 08.01.2014 02:54, Peter Wemm wrote: >> > Could we, please, have MD2 resurrected before 10.0 is officially out? >> > Preferably in both -lmd and -lcrypto, but certainly in the former. Thank >> > you! Yours, > The time to bring this up was before the freeze for 10.0, a good 6+ > months ago. It is way too late now. First of all, Peter, are you talking as a core-member, or expressing personal opinion? In any case, I'd say it is not entirely fair to blame me for reporting a problem "late" -- without any apologies about causing it in the first place... But is it really "too late" to add such a small piece back to where it was? I'm not talking about resurrecting uucp here... Meanwhile, any existing MD2-using application will simply break after upgrade -- does that not bother anyone? If the code was removed after 19 years in the tree, is 6 months really "too late" to resurrect it? > However.. the code in libmd had had a non-commercial use restriction.. > Even if it wasn't too late, that code won't be back. That restriction was not (enough of) a problem for 20 years (since 1994) -- and still is not in 9.x and 8.x. But, Ok... > Your best bet is to create a crypto/libmd2 port. Start with the code > from openssl. Adding such a port increases the number of hoops for any user to jump through -- and the maintenance costs. Whereas the cost of simply adjusting the base OpenSSL's configuration to include MD2 functionality is virtually zero -- a single additional file file will be back (md2.h), and no new libraries... OpenSSL port offers MD2 as an option -- surely the base version can have that same option flipped on without breaking anything. Yours, -miReceived on Wed Jan 08 2014 - 14:00:26 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:46 UTC