Closed azubieta closed 5 years ago
Why should we change a running system?
I don't see the advantage. We already ship our own MD5 digest algorithm to not have to depend on "larger" libs. Apart from that, the library doesn't offer anything else of interest.
Please don't introduce additional dependencies unless there is not a totally pressing need. We already have too many for my taste.
We already have too many for my taste.
Such as?
I would be interested in getting rid of our own MD5 implementation, generally spoken. libcrypt isn't heavyweight either, probably has compatible license and can most likely be linked statically. However, I would want to hear why @azubieta suggests this. The issue doesn't contain any information on this...
What is wrong about our current MD5 implementation? It works, we have no issues with it, so why touch it.
It's random code from the Internet that never will be updated. It hasn't been reviewed in depth by me either. Also, we need additional hashing algorithms anyway for other purposes. And I don't necessarily want to maintain such dependencies myself, we don't need to like, ship MD5 another time to a system which already has a few dozens.
@probonopd using libcrypt is your idea :) see the referenced comment at the top. I'm just extracting the issues that were exposed in the #33 review and can be delayed.
Uh, ok, then it must be an old leftover. Has been solved a long time ago. Sorry for the confusion, closing.
https://www.freebsd.org/cgi/man.cgi?crypt(3)