Excerpts from Mikhail Gusarov's message of Sat Nov 28 04:31:15 +0100 2009: > > Twas brillig at 21:28:03 27.11.2009 UTC-06 when jeff at ocjtech.us did gyre > and > gimble: > > JCO> Instead of including a private implementation of the SHA1 hash > > xserver went this road, and now it has > --with-sha1=libc|libmd|libgcrypt|libcrypto|libsha1|CommonCrypto in > configure.
>From a distribution & security point of view I'd much rather be able to choose one hashing library & use that as widely as possible, rather than having every application ship its own copy. > JCO> This means less code of our own to maintain and > > As libsha1 maintainer I'm volunteering to maintain in-tree copy in > notmuch :) Right, but on top of that, it would still be preferable to keep the option for packagers to use a system library instead. Most distributions have a rather strict policy to use system libraries over internal copies. -- Exherbo KDE, X.org maintainer