diff options
Diffstat (limited to 'pipermail/pycrypto/2009q2/000097.html')
-rw-r--r-- | pipermail/pycrypto/2009q2/000097.html | 164 |
1 files changed, 164 insertions, 0 deletions
diff --git a/pipermail/pycrypto/2009q2/000097.html b/pipermail/pycrypto/2009q2/000097.html new file mode 100644 index 0000000..9376157 --- /dev/null +++ b/pipermail/pycrypto/2009q2/000097.html @@ -0,0 +1,164 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [pycrypto] DES/DES3/XOR/etc removal + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:pycrypto%40lists.dlitz.net?Subject=%5Bpycrypto%5D%20DES/DES3/XOR/etc%20removal&In-Reply-To=20090422212200.24697.1644424365.divmod.quotient.10615%40henry.divmod.com"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="000096.html"> + <LINK REL="Next" HREF="000098.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[pycrypto] DES/DES3/XOR/etc removal</H1> + <B>Thomas Dixon</B> + <A HREF="mailto:pycrypto%40lists.dlitz.net?Subject=%5Bpycrypto%5D%20DES/DES3/XOR/etc%20removal&In-Reply-To=20090422212200.24697.1644424365.divmod.quotient.10615%40henry.divmod.com" + TITLE="[pycrypto] DES/DES3/XOR/etc removal">reikon at reikon.us + </A><BR> + <I>Wed Apr 22 15:26:31 CST 2009</I> + <P><UL> + <LI>Previous message: <A HREF="000096.html">[pycrypto] DES/DES3/XOR/etc removal +</A></li> + <LI>Next message: <A HREF="000098.html">[pycrypto] DES/DES3/XOR/etc removal +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#97">[ date ]</a> + <a href="thread.html#97">[ thread ]</a> + <a href="subject.html#97">[ subject ]</a> + <a href="author.html#97">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>Jean-Paul Calderone wrote: +><i> On Wed, 22 Apr 2009 17:05:20 -0400, Thomas Dixon <<A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">reikon at reikon.us</A>> wrote: +</I>><i> +</I>>><i> Tzury Bar Yochay wrote: +</I>>><i> +</I>>>><i> please keep the DES3 and XOR. +</I>>>><i> we use them and need them in our ongoing projects +</I>>>><i> +</I>>>><i> On Wed, Apr 22, 2009 at 8:23 PM, Jean-Paul Calderone +</I>>>><i> <<A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">exarkun at twistedmatrix.com</A> <mailto:<A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">exarkun at twistedmatrix.com</A>>> wrote: +</I>>>><i> +</I>>>><i> Hello, +</I>>>><i> +</I>>>><i> Someone pointed out that XOR and several other ciphers [1] have been +</I>>>><i> removed from PyCrypto. This has the consequence that Twisted Conch, +</I>>>><i> and SSH client and server implementation which depends on PyCrypto, +</I>>>><i> no longer works with the latest development version of PyCrypto, and +</I>>>><i> I assume that when the next release of PyCrypto is made, Conch also +</I>>>><i> won't work with that. +</I>>>><i> +</I>>>><i> I'm curious how important backwards compatibility is deemed with the +</I>>>><i> new PyCrypto development going on. A change like the one referenced +</I>>>><i> above is going to break users of PyCrypto (and that seems like it is +</I>>>><i> really obvious, to me - as opposed to a change which only accidentally +</I>>>><i> breaks applications). The added maintenance burden this causes makes +</I>>>><i> PyCrypto less attractive (one nice thing about PyCrypto having been +</I>>>><i> unmaintained for a long time is that Conch's use of it stayed as +</I>>>><i> correct (or incorrect) as it was when it was written). Basically, the +</I>>>><i> question is whether I should expect more PyCrypto changes like this +</I>>>><i> as development proceeds, or whether I can make the argument that +</I>>>><i> backwards +</I>>>><i> compatibility is a *good* thing compelling. +</I>>>><i> +</I>>>><i> Of course it's one thing to say "more backwards compatibility please". +</I>>>><i> Actually deciding how that can be accomplished while allowing +</I>>>><i> development +</I>>>><i> to proceed in a useful direction is another. However, I'm +</I>>>><i> intentionally +</I>>>><i> omitting details of that discussion from this message to keep things +</I>>>><i> simple. I'm convinced that some degree of backwards compatibility is +</I>>>><i> always possible, regardless of the changes desired, so the details +</I>>>><i> of how +</I>>>><i> it works aren't as important as deciding whether backwards +</I>>>><i> compatibility +</I>>>><i> will be maintained. +</I>>>><i> +</I>>>><i> So, what do you say? Can we decide that backwards compatibility +</I>>>><i> is a good +</I>>>><i> thing? +</I>>>><i> +</I>>>><i> Jean-Paul +</I>>>><i> +</I>>>><i> [1] - +</I>>>><i> <A HREF="http://gitweb.pycrypto.org/?p=crypto/pycrypto-2.x.git;a=commit;h=5b5b496c0f81f3595d0aebb8da5196492abae429">http://gitweb.pycrypto.org/?p=crypto/pycrypto-2.x.git;a=commit;h=5b5b496c0f81f3595d0aebb8da5196492abae429</A> +</I>>>><i> _______________________________________________ +</I>>>><i> pycrypto mailing list +</I>>>><i> <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">pycrypto at lists.dlitz.net</A> <mailto:<A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">pycrypto at lists.dlitz.net</A>> +</I>>>><i> <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto</A> +</I>>>><i> +</I>>>><i> +</I>>>><i> ------------------------------------------------------------------------ +</I>>>><i> +</I>>>><i> _______________________________________________ +</I>>>><i> pycrypto mailing list +</I>>>><i> <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">pycrypto at lists.dlitz.net</A> +</I>>>><i> <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto</A> +</I>>>><i> +</I>>>><i> +</I>>><i> Personally, if Dwayne has decided to remove Blowfish, DES, 3DES, RC5, +</I>>><i> IDEA, and XOR, then I agree with that decision completely. From a legal +</I>>><i> and security standpoint, it makes perfect sense. There's also nothing to +</I>>><i> say that Dwayne won't add different implementations of some of these +</I>>><i> algorithms back into PyCrypto's offerings at a later date. +</I>>><i> +</I>><i> +</I>><i> Great. If that's the plan, then my complaint is moot. My concern is +</I>><i> that the next release of PyCrypto won't have these APIs. +</I>><i> +</I>><i> I understand that there are legal issues, but they're not new - PyCrypto +</I>><i> has had whatever they are for almost a decade - maybe *more* than a decade, +</I>><i> I dunno. I'm all for resolving them, but I don't think the resolution needs +</I>><i> to be immediate, given that it is going to break things. Go ahead and +</I>><i> deprecate the APIs with implementations that are not licensed compatibly +</I>><i> with the rest of PyCrypto, and even remove them after having deprecated +</I>><i> them for a while. But don't just delete them without warning and surprise +</I>><i> all the application developers relying on them. Again, if the plan is to +</I>><i> restore these APIs with new implementations, great, I'll stop complaining. +</I>><i> +</I>><i> +</I>>><i> Remember: +</I>>><i> Those who will primarily suffer from a software developer's laziness are +</I>>><i> their users. +</I>>><i> +</I>><i> +</I>><i> I don't know what you mean by this. +</I>><i> +</I>><i> Jean-Paul +</I>><i> _______________________________________________ +</I>><i> pycrypto mailing list +</I>><i> <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">pycrypto at lists.dlitz.net</A> +</I>><i> <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto</A> +</I>><i> +</I>I don't see how he's deleting anything without warning. You *are* +referring to a *development* version, are you not? How do you know he +doesn't plan to replace some of the implementations he removed with +different implementations prior to the next release? + +Thom +</PRE> + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="000096.html">[pycrypto] DES/DES3/XOR/etc removal +</A></li> + <LI>Next message: <A HREF="000098.html">[pycrypto] DES/DES3/XOR/etc removal +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#97">[ date ]</a> + <a href="thread.html#97">[ thread ]</a> + <a href="subject.html#97">[ subject ]</a> + <a href="author.html#97">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">More information about the pycrypto +mailing list</a><br> +</body></html> |