> Yes, this is a serious issue -- we are totally dependent on openssl > for computing MD5 checksums. Several modules use MD5 checksums > casually, and it's not good that these fail when openssl isn't > available (or if it's too old, like what happened on an ancient Red > Hat 7.3 system I have at home). I'm tempted to put the old > RSA-copyrighted md5.c back in as a fallback, even though its license > is impopular. Or perhaps we could make a copy of a small fraction of > openssl and use that? I think MD5 is the only one that's popular > enough to warrant this treatment; I think SHA1 is a distant second.
Every OS I use has openssl installed so i figured someone else had made the same decision and removed the non-openssl variants. Are there really non-linux/bsd/osx installations out there where anyone intends to build and install python that do -not- have openssl installed somewhere? That'd be sad but in that case we shouldn't abandon them. Modifying setup.py to find it installed in a different place should be easy if thats all it takes. Rather than resurrecting the old RSA-copyright md5.c I can easily make new ones out of the libtomcrypt md5 and sha1 sources the same way i created the non-openssl sha256 and sha512 modules. We should not limit ourselves to only md5 if we do that, lets guarantee that md5, sha1 - sha512 are available on all future python installs; its not difficult. I'll do the work if we need it. -gps
_______________________________________________ Python-3000 mailing list [email protected] http://mail.python.org/mailman/listinfo/python-3000 Unsubscribe: http://mail.python.org/mailman/options/python-3000/archive%40mail-archive.com
