Use GLib for computing SHA-1 digests #725
Conversation
In d605ffe, we ported the generation of digests from a bundled library to Nettle. However, Red Hat security policies require that no package depend on Nettle directly. Since GLib provides functions to compute SHA-1 digests as well, we are migrating the code to use it as of now. Related: https://bugzilla.redhat.com/show_bug.cgi?id=1956871
Since f0a0a20 the `libreport_bin2hex()` and `libreport_hex2bin()` functions are left unused anywhere in libreport or abrt. Let's get rid of them.
|
This is a good opportunity to get rid of SHA1 from libreport. Please use G_CHECKSUM_SHA256 instead of the G_CHECKSUM_SHA1. It is OK if you add it as another commit in this PR. |
|
Same as with satyr, glib is an even worse choice than nettle cert-wise, sorry. |
OK, that might be a way. Are we 100% sure it doesn't break anything, though? |
|
Sorry, forgot to respond. We are not 100% sure it will not break anything, but the chances are small. The only thing that relies on hash values is the duplicate hash calculation so we lose duplicates detection between old and new bugs, but that is something we already talked about in the past that it is not a big deal. |
|
Sorry, I am dropping the request to change the hash function for now. Let's merge and think what function is most suitable later. |
|
ACK. |
In d605ffe, we ported the generation of digests from a bundled library to Nettle. However, Red Hat security policies require that no package depend on Nettle directly. Since GLib provides functions to compute SHA-1 digests as well, we are migrating the code to use it as of now.
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1956871