delta/python-packages/pycrypto.git - github.com: dlitz/pycrypto.git

diff options


context:
space:
mode:

Diffstat (limited to 'pipermail/pycrypto/2009q2/000097.html')

-rw-r--r--

pipermail/pycrypto/2009q2/000097.html

164

1 files changed, 164 insertions, 0 deletions

diff --git a/pipermail/pycrypto/2009q2/000097.html b/pipermail/pycrypto/2009q2/000097.html
new file mode 100644
index 0000000..9376157
--- /dev/null
+++ b/pipermail/pycrypto/2009q2/000097.html

@@ -0,0 +1,164 @@

+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">

+<HTML>

+ <HEAD>

+ <TITLE> [pycrypto] DES/DES3/XOR/etc removal

+ </TITLE>

+ <LINK REL="Index" HREF="index.html" >

+ <LINK REL="made" HREF="mailto:pycrypto%40lists.dlitz.net?Subject=%5Bpycrypto%5D%20DES/DES3/XOR/etc%20removal&In-Reply-To=20090422212200.24697.1644424365.divmod.quotient.10615%40henry.divmod.com">

+ <META NAME="robots" CONTENT="index,nofollow">

+ <META http-equiv="Content-Type" content="text/html; charset=us-ascii">

+ <LINK REL="Previous" HREF="000096.html">

+ <LINK REL="Next" HREF="000098.html">

+ </HEAD>

+ <BODY BGCOLOR="#ffffff">

+ <H1>[pycrypto] DES/DES3/XOR/etc removal</H1>

+ Thomas Dixon

+ <A HREF="mailto:pycrypto%40lists.dlitz.net?Subject=%5Bpycrypto%5D%20DES/DES3/XOR/etc%20removal&In-Reply-To=20090422212200.24697.1644424365.divmod.quotient.10615%40henry.divmod.com"

+ TITLE="[pycrypto] DES/DES3/XOR/etc removal">reikon at reikon.us

+ </A>

+ Wed Apr 22 15:26:31 CST 2009

+ <UL>

+ <LI>Previous message: <A HREF="000096.html">[pycrypto] DES/DES3/XOR/etc removal

+</A></li>

+ <LI>Next message: <A HREF="000098.html">[pycrypto] DES/DES3/XOR/etc removal

+</A></li>

+ <LI> Messages sorted by:

+ <a href="date.html#97">[ date ]</a>

+ <a href="thread.html#97">[ thread ]</a>

+ <a href="subject.html#97">[ subject ]</a>

+ <a href="author.html#97">[ author ]</a>

+ </LI>

+ </UL>

+ <HR>

+

+<PRE>Jean-Paul Calderone wrote:

+> On Wed, 22 Apr 2009 17:05:20 -0400, Thomas Dixon <<A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">reikon at reikon.us</A>> wrote:

+>

+>> Tzury Bar Yochay wrote:

+>>

+>>> please keep the DES3 and XOR.

+>>> we use them and need them in our ongoing projects

+>>>

+>>> On Wed, Apr 22, 2009 at 8:23 PM, Jean-Paul Calderone

+>>> <<A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">exarkun at twistedmatrix.com</A> <mailto:<A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">exarkun at twistedmatrix.com</A>>> wrote:

+>>>

+>>> Hello,

+>>>

+>>> Someone pointed out that XOR and several other ciphers [1] have been

+>>> removed from PyCrypto. This has the consequence that Twisted Conch,

+>>> and SSH client and server implementation which depends on PyCrypto,

+>>> no longer works with the latest development version of PyCrypto, and

+>>> I assume that when the next release of PyCrypto is made, Conch also

+>>> won't work with that.

+>>>

+>>> I'm curious how important backwards compatibility is deemed with the

+>>> new PyCrypto development going on. A change like the one referenced

+>>> above is going to break users of PyCrypto (and that seems like it is

+>>> really obvious, to me - as opposed to a change which only accidentally

+>>> breaks applications). The added maintenance burden this causes makes

+>>> PyCrypto less attractive (one nice thing about PyCrypto having been

+>>> unmaintained for a long time is that Conch's use of it stayed as

+>>> correct (or incorrect) as it was when it was written). Basically, the

+>>> question is whether I should expect more PyCrypto changes like this

+>>> as development proceeds, or whether I can make the argument that

+>>> backwards

+>>> compatibility is a *good* thing compelling.

+>>>

+>>> Of course it's one thing to say "more backwards compatibility please".

+>>> Actually deciding how that can be accomplished while allowing

+>>> development

+>>> to proceed in a useful direction is another. However, I'm

+>>> intentionally

+>>> omitting details of that discussion from this message to keep things

+>>> simple. I'm convinced that some degree of backwards compatibility is

+>>> always possible, regardless of the changes desired, so the details

+>>> of how

+>>> it works aren't as important as deciding whether backwards

+>>> compatibility

+>>> will be maintained.

+>>>

+>>> So, what do you say? Can we decide that backwards compatibility

+>>> is a good

+>>> thing?

+>>>

+>>> Jean-Paul

+>>>

+>>> [1] -

+>>> <A HREF="http://gitweb.pycrypto.org/?p=crypto/pycrypto-2.x.git;a=commit;h=5b5b496c0f81f3595d0aebb8da5196492abae429">http://gitweb.pycrypto.org/?p=crypto/pycrypto-2.x.git;a=commit;h=5b5b496c0f81f3595d0aebb8da5196492abae429</A>

+>>> _______________________________________________

+>>> pycrypto mailing list

+>>> <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">pycrypto at lists.dlitz.net</A> <mailto:<A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">pycrypto at lists.dlitz.net</A>>

+>>> <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto</A>

+>>>

+>>> ------------------------------------------------------------------------

+>>>

+>>> _______________________________________________

+>>> pycrypto mailing list

+>>> <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">pycrypto at lists.dlitz.net</A>

+>>> <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto</A>

+>>>

+>> Personally, if Dwayne has decided to remove Blowfish, DES, 3DES, RC5,

+>> IDEA, and XOR, then I agree with that decision completely. From a legal

+>> and security standpoint, it makes perfect sense. There's also nothing to

+>> say that Dwayne won't add different implementations of some of these

+>> algorithms back into PyCrypto's offerings at a later date.

+>>

+>

+> Great. If that's the plan, then my complaint is moot. My concern is

+> that the next release of PyCrypto won't have these APIs.

+>

+> I understand that there are legal issues, but they're not new - PyCrypto

+> has had whatever they are for almost a decade - maybe *more* than a decade,

+> I dunno. I'm all for resolving them, but I don't think the resolution needs

+> to be immediate, given that it is going to break things. Go ahead and

+> deprecate the APIs with implementations that are not licensed compatibly

+> with the rest of PyCrypto, and even remove them after having deprecated

+> them for a while. But don't just delete them without warning and surprise

+> all the application developers relying on them. Again, if the plan is to

+> restore these APIs with new implementations, great, I'll stop complaining.

+>

+>> Remember:

+>> Those who will primarily suffer from a software developer's laziness are

+>> their users.

+>>

+>

+> I don't know what you mean by this.

+>

+> Jean-Paul

+> _______________________________________________

+> pycrypto mailing list

+> <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">pycrypto at lists.dlitz.net</A>

+> <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto</A>

+>

+I don't see how he's deleting anything without warning. You *are*

+referring to a *development* version, are you not? How do you know he

+doesn't plan to replace some of the implementations he removed with

+different implementations prior to the next release?

+Thom

+</PRE>

+

+ <HR>

+ <UL>

+

+ <LI>Previous message: <A HREF="000096.html">[pycrypto] DES/DES3/XOR/etc removal

+</A></li>

+ <LI>Next message: <A HREF="000098.html">[pycrypto] DES/DES3/XOR/etc removal

+</A></li>

+ <LI> Messages sorted by:

+ <a href="date.html#97">[ date ]</a>

+ <a href="thread.html#97">[ thread ]</a>

+ <a href="subject.html#97">[ subject ]</a>

+ <a href="author.html#97">[ author ]</a>

+ </LI>

+ </UL>

+<hr>

+<a href="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">More information about the pycrypto

+mailing list</a>

+</body></html>