widelands

Widelands bundles internal copy of md5

Bug #536162 reported by Sigra
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
widelands
Won't Fix
Low
Unassigned

Bug Description

Widelands bundles an internal copy of md5. This is bad style that violates the policy of distributions and prevents inclusion in official package repositories (see for example [http://blog.flameeyes.eu/2009/01/02/bundling-libraries-for-despair-and-insecurity]). The code is probably not forked.

SirVer (sirver)
Changed in widelands:
status: New → Confirmed
importance: Undecided → Low
Revision history for this message
David Allwicher (aber) wrote :

so, I guess openssl would be the library of choice?

Revision history for this message
Jens Beyer (qcumber-some) wrote :

I had a little check on this.

The code we have in widelands is some old example code by Ulrich Drepper, which has been adopted and modified/extended by many people.

I guess, as aber says, openssl would be the best choice. But it needs reimplementation.

The original code by Ulrich Drepper seems not to be generally available as library. It seems to be part of gnu coreutils binary "md5sum" but that's as far as I could find anything.

Revision history for this message
SirVer (sirver) wrote :

openssl might be an issue for windows compilation. Tino, can you confirm?

Also, that is a crypto library, would we not run into some exporting regulations here?

Revision history for this message
SirVer (sirver) wrote :

Setting to incomplete for bug sweeping.

Changed in widelands:
status: Confirmed → Incomplete
Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for widelands because there has been no activity for 60 days.]

Changed in widelands:
status: Incomplete → Expired
Revision history for this message
SirVer (sirver) wrote :

This code has been modified quite often by us. If it is still third_party, we should simply move it into our third_party sub dir and be done with. Otherwise this is not worth any trouble anymore I think.

Changed in widelands:
status: Expired → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.