René Reuter wrote:LibTom has the code, I've used it in mysql-sha256 and it works well.
> - Another library with SHA-2 family is hard too find
http://git.stuge.se/?p=mysql-sha256.git
This is a very surprising statement from an author on the topic of
> and I can't use any untrusted or unmaintained code in my thesis,
> but thanks for that.
trust.
What constitutes untrusted for you? Is upstream OpenSSL the only
trusted code? Or is it debian OpenSSL? (I don't care that the problem
was in debian in particular, it is just an example.)
Why is unmaintained code a problem at all? Did you investigate why
LibTom is unmaintained? I think it matters.
http://it.slashdot.org/comments.pl?sid=191594&cid=15743508 is a good
read too. (Yes, same Tom.)
Don't hold your breath. I do not expect that this will change much
> Hopefully in future, it will be easier to link foreign packages in
> Coreboot.
for reasons described by Carl-Daniel, and in particular any change
should not happen in coreboot.
"Foreign packages" are not written with the boot environment in mind,
thus they do not function well there. This is true also for the very
foundation of open source "foreign packages" namely gcc. The reason
is simple; the boot environment is different enough from an operating
system environment to cause a lot of problems in common assumptions
made in software.
I think you could have gotten some good advice in time to make your
demo run had you gotten in touch earlier during your thesis work. :\
//Peter