On 07.11.2013 06:57, William A. Rowe Jr. wrote: > On Wed, 16 Oct 2013 16:17:33 +0100 > Nick Kew <[email protected]> wrote: >> On 10 Oct 2013, at 21:49, Dirkjan Ochtman wrote: >> >>> The reason I've recently gotten interested in APR (and SHA support) >>> is my work on https://github.com/mozilla/mod_authn_persona. >> OK, that raises two questions: >> >> 1. From your point of view, how useful would a fully-implemented >> apr_sha2 be, compared either to using a third-party library or a >> standalone implementation? >> >> 2. If it does add value, is the API referenced in your bug exactly >> what you want, or might there be mileage in reviewing/extending it? >> >> It's not really clear to me what value an APR wrapper adds to sha2. >> Or indeed, md5/sha1, beyond their being widely used by existing apps. > If we are a 'hash provider', IMHO we should provide the strongest > hashing available, even if we simply delegate it to openssl (which we > already consume in apr 2). Otherwise, it seems prudent to get out of > the hashing business and rip out md/sha1 entirely from apr 2.
I'd sooner rip the dbd and dbm providers ... and the built-in Berkeley-DB wrapper whose only discernible purpose is to create havoc by helping apps to load two different versions of BDB at the same time. -- Brane
