On Thu, Oct 10, 2013 at 4:49 PM, Dirkjan Ochtman <djc@apache.org> wrote:

(Sending again from the right mail address, please ignore the other one.)

I've been hanging out in #apr on Freenode recently, but it appears the
intersection of people hanging out there and active APR committers is
pretty much the empty set.

I recently filed
https://issues.apache.org/bugzilla/show_bug.cgi?id=55520 and I wonder
if people had actually seen that. There seems to have been a lot of
talk about an 1.5 release, so I might be late with this, but since the
implementation has already been there, maybe exposing this isn't so
hard? In any case, this seems like a no-brainer to me.

The reason I've recently gotten interested in APR (and SHA support) is
my work on https://github.com/mozilla/mod_authn_persona.



(Only since nobody responded yet...)

Somebody in APR-land with an interest in hashes needs to take a bite.  What it looks like to my very untrained eye is an implementation of one of a handful of the SHA2 hashes* (i.e., incomplete) which was taken in 10 years ago from another source and maintained independently and never used in a way that would expose implementation defects beyond what various compilers and static analysis tools complained about over the years.

*Maybe it is more complete in the 1.x branches; I just noticed that some unused hashes were ripped out of trunk 10 months ago.

Surely there's a more appropriate place to pick up SHA2?

(But really, somebody with a real interest will hopefully respond.)

Born in Roswell... married an alien...