xserver dependency on crypto library because of a hashmap

Rémi Cardona remi at gentoo.org
Sun Jun 8 14:37:07 PDT 2014

Le dimanche 08 juin 2014 à 15:46 +0200, Marek Behun a écrit :
> 300 lines of code only to
> wrap external library calls. In those 300 lines one could write some
> simpler, faster hashmap hash function (isn't crc32 or something simpler
> good enough for this?), 

Back in our bugzilla, your only concern seemed to be about our package
depending on OpenSSL. While I understand that concern with all the
recent security flaws in that lib, do you have any numbers to back your
new-found concern regarding speed?

As for using something else, SHA1 was introduced nearly 7 years ago,
precisely to replace a custom XOR hash:

commit 19b3b1fd8feb343a690331cafe88ef10b34b9d98
Author: Carl Worth <cworth at cworth.org>
Date:   Tue Jul 31 17:04:13 2007 -0700

See this thread for some reasoning

> or one could copy the entire code for sha1 from another library.

commit a39377cbcbd3091095efbeab25bec18ae520147e
Author: Keith Packard <keithp at keithp.com>
Date:   Tue Sep 23 09:22:07 2008 -0700

    Revert "Render: Use built-in SHA1 library"
    This reverts commit d3bd31fddff7894f89ba80a3cdddff49aff08db8.
    X.org should not be providing a custom SHA1 implementation.

Bundled libraries are distributions' worst nightmares and this
particular debate has been settled.

> Depending on external crypto library because of a hashmap is insane for
> Christ's sake.

I fail to see the insanity of depending on other libraries when they fit
the bill.


More information about the xorg-devel mailing list