On Sat, Nov 06, 2021 at 07:43:02AM -0000, Daniel Alley wrote:
> Another issue - which is not per se a security issue but it's
> still a problem - is that deltarpm uses md5 checksums pervasively. They're
> everywhere. And it uses its own implementation of md5 which doesn't respect FIPS, so
> even when the user has *explicitly* configured their system to not use md5 for anything
> security-relevant, libdeltarpm won't know or care.

They are used as a consistency check, it might as well use crc32.
So I don't see why FIPS is a concern for you.
Cheers,
Michael.
--
Michael Schroeder SUSE Software Solutions Germany GmbH
mls(a)suse.de GF: Felix Imendoerffer HRB 36809, AG Nuernberg
main(_){while(_=~getchar())putchar(~_-1/(~(_|32)/13*2-11)*13);}