Re: [Bacula-devel] [patch] Replacing sha1 with an undoubtedly free version

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <p>Hello Carsten,</p>
    <p>I am looking at the request you made (see below).  First: yes, I
      will be happy to consider your request, but have several
      questions:</p>
    <p>1. What is wrong with the current SHA1 code/license? For me the
      license is very much like a BSD license and I don't see a problem
      with it on the license stand point.</p>
    <p>2. Are you be 100% sure that the code written by Steve Reid did
      not include any copyrighted material?</p>
    <p>3. I would like to see a comparison of the speed of the current
      code in Bacula vs the new proposed SHA1.</p>
    <p>4. I would like to see a comparison of the output of the two
      routines to ensure that they are identical.</p>
    <p>Note 1: currently SHA1 is not used much in Bacula (default), but
      I am considering changing the current MD5 default hash used for
      authentication as well as the file data hash to SHA1, so the speed
      of the SHA1 algorithm will become much more important.</p>
    <p>Note 2: seemingly simple changes such as this have in the past
      created a number of unexpected problems (e.g. with big endian
      architectures or compiling on "esoteric" architectures/OSes. 
      Consequently, I would prefer some strong arguments in your
      responses.</p>
    <p>Best regards,</p>
    <p>Kern<br>
    </p>
    <p><br>
    </p>
    <br>
    <div class="moz-cite-prefix">On 09/16/2017 05:32 PM, Carsten
      Leonhardt wrote:<br>
    </div>
    <blockquote type="cite"
      cite="mid:874...@ar...">
      <pre wrap="">Hi Kern,

would you consider the following patch that replaces the SHA1 function
with another one by Steve Reid that's undoubtedly free?
(c.f. <a class="moz-txt-link-freetext" href="http://bugs.bacula.org/view.php?id=1869">http://bugs.bacula.org/view.php?id=1869</a>)

The proposed replacement is used in many open source projects, as can be
verified at <a class="moz-txt-link-freetext" href="https://codesearch.debian.net/search?q=Steve+Reid">https://codesearch.debian.net/search?q=Steve+Reid</a>

In essence, it just changes the sole occurence of "SHA1Context" to
"SHA1_CTX" in src/lib/crypto.c and replaces src/lib/sha1.[ch] with those
found in libsolve (<a class="moz-txt-link-freetext" href="https://github.com/openSUSE/libsolv/tree/master/src">https://github.com/openSUSE/libsolv/tree/master/src</a>).

I'll run tests with the patch if there's a chance that it could be
adopted.

Regards,

Carsten

</pre>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! <a class="moz-txt-link-freetext" href="http://sdm.link/slashdot">http://sdm.link/slashdot</a></pre>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
Bacula-devel mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Bac...@li...">Bac...@li...</a>
<a class="moz-txt-link-freetext" href="https://lists.sourceforge.net/lists/listinfo/bacula-devel">https://lists.sourceforge.net/lists/listinfo/bacula-devel</a>
</pre>
    </blockquote>
    <br>
  </body>
</html>