Re: Combining APPLE_COMMON_CRYPTO=1 and NO_OPENSSL=1 produces unexpected result
From: Junio C Hamano <hidden>
Date: 2016-06-15 23:07:46
David Aguilar [off-list ref] writes:
I think the best long-term solution would be to abandon the CommonCrypto backend, if possible. There's not a strong reason for its existence. It always seemed kinda hacky, and bolted-on. ...quoted
A few questions we should be asking Apple users are: - Is there a strong-enough reason why those who do not want to use SSL should be able to choose the SHA-1 implementation available from CommonCrypto over block-sha1?IMO, no.quoted
- Is CommonCrypto SHA-1 a better implementation than block-sha1?I do not believe this to be true. My gut feeling is that we cannot rely on the long-term stability and availability of Apple's APIs. Block-sha1 works fine on the current Apple hardware and I suspect that it (or openssl) will continue to work fine in the future. ...quoted
If people do not care, we can leave things as they are. It would seem mysterious to use block-sha1 when we are not using CommonCrypto for SSL (i.e. NO_OPENSSL), and otherwise CommonCrypto SHA-1, and would invite a puzzlement we saw in this thread, though.I'm curious to see what others think about dropping CommonCrypto. It seems like a good choice from a maintenance POV.
Judging by a week-long silence, it seems nobody seems to have much to say on this issue. Let me summon the git_osx_installer maintainer to hear from somebody who know a lot better than me about things around OS X. Thanks.