Using Openssl for shasums?

[nteodosio]

It was noted in https://launchpad.net/bugs/2074086 that this project is using libtomcrypt and it would be in Ubuntu's interest to switch to Openssl, as it is certified there. Would this contribution be welcome in your project or would you rather stick to what is in use?

[nikias]

It is only using checksum calculations, nothing else. And it's bundled so we don't create another dependency, moreover sha1 is being deprecated everywhere. We have a similar issue with libimobiledevice and deprecated hashing algorithms in OpenSSL (there are a few tickets for this too) and I am already thinking about maybe even bundling mbedtls with the project to work around that. So me personally I would rather keep it as is.