Re: sha1/botan stuff (was Re: [Monotone-devel] updates to net.venge.monotone.experiment.performance)

[Eric Anderson]

Nathaniel Smith writes:
 > > 997a677db676734acc0d098979d2a9cee8765ec9: libcrypto ssl linking
 > > 
 > > Enable optional compilation with openssl libcrypto for the optimized
 > > SHA1 hash.  Likely to be obsoleted by getting the fast assembly code
 > > from libcrypto used in Botan.  Depending on how long that's expected
 > > to take, it may be worth merging this patch now (it's disabled by
 > > default) and letting people enable it if they want.  It was a
 > > relatively substantial improvement at the time of the measurements,
 > > probably a whole lot more after all of the other improvements have
 > > been applied.
 > 
 > I'm nervous about landing it on mainline, even as optional, because of
 > the potential legal issues -- e.g., possibly debian would have to rip
 > it out again before distributing our standard packages, etc. etc.

I don't believe there is any legal issue because the legal issues only
kick in if debian (or other vendor) explicitly configures with
--with-crypto; by default it won't configure with crypto, so it won't
use any of that code; I couldn't imagine that a configured-out call to
SHA1() would cause a legal problem.  

 > [ x86 SHA1 is license encumbered ]

Bummer.  http://sourceforge.net/projects/beecrypt/ and
http://www.lysator.liu.se/~nisse/lsh/ both seem to have some sort of
assembler optimized x86 implementations and they are both LGPL.
        -Eric