| [tools-pmc] [CQ 21973] google-auth-library-oauth2-http 0.20.0 |
http://dev.eclipse.org/ipzilla/show_bug.cgi?id=21973 --- Comment #4 from Tony Homer <tony.homer@xxxxxxxxx> 2020-04-22 10:37:20 --- Thanks for double-checking, Jonah! I was basing the Cryptography=N/A on an old submission for google-auth-library-oauth2-http 0.12.0 https://dev.eclipse.org/ipzilla/show_bug.cgi?id=19759 I also submitted a CQ request for google-auth-library-oauth2-http 0.19.0 which was approved https://dev.eclipse.org/ipzilla/show_bug.cgi?id=21616 but IIRC I based the Cryptography N/A there on the 0.12.0 submission also. I took a look at the sources and documentation to double-check and although this library uses SHA256 it is only for signing and not for encrypting data. This library provides an OAuth2 client which uses SHA256 with RSA for signing as well as several other authorization clients which use SHA256 with RSA for signing. For reference, OAuth2 is RFC 6749: https://tools.ietf.org/html/rfc6749 Based on the above, I think it's still an N/A on Cryptography and hopefully the above statements are enough for you to confirm or deny. Please let me know if you need more information. -- Configure CQmail: http://dev.eclipse.org/ipzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the CQ.