Comment 10 for bug 1348339

I pretty much agree with all that has been said. We should fix it. SHA-2 makes the most sense today. And fixing it as a general hardening measure, rather than an OSSA makes sense.

To the point of wanting to just get all bad crypto algorithms out of these code bases... the OSSG is working on some gate tools that would catch such things. Once those are put in place, it should be much easier to prevent this kind of thing from happening in the future :-)