On Thu, Oct 19, 2017 at 10:56 PM, Thierry <sage-googlesu...@lma.metelu.net> wrote: > Hi, > > On Thu, Oct 19, 2017 at 08:07:19PM +0200, Luca De Feo wrote: >> |X| Yes, we should fully support OpenSSL now, and clarify the >> licensing issue. >> >> > the way our >> > "package manager" works allows to install an optional package without >> > having to rely on openssl (no https), we only rely on the computation of >> > sha1 >> >> There you go for something crippled! https://shattered.io/ > > sha256 is also supported by python-hashlib compiled without openssl > support, so we could/should easily move to using it in Sage "package > manager" (build/sage_bootstrap/tarball.py).
+1 to switching to and/or adding support for SHA-256 hashes. As Thierry noted that are several SHA-256 implementations for Python, in fact, that don't rely in any way on OpenSSL or have problematic licenses. -- You received this message because you are subscribed to the Google Groups "sage-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to sage-devel+unsubscr...@googlegroups.com. To post to this group, send email to sage-devel@googlegroups.com. Visit this group at https://groups.google.com/group/sage-devel. For more options, visit https://groups.google.com/d/optout.
