diff options
Diffstat (limited to 'pipermail/pycrypto/2014q1/000782.html')
-rw-r--r-- | pipermail/pycrypto/2014q1/000782.html | 142 |
1 files changed, 142 insertions, 0 deletions
diff --git a/pipermail/pycrypto/2014q1/000782.html b/pipermail/pycrypto/2014q1/000782.html new file mode 100644 index 0000000..f48d6e2 --- /dev/null +++ b/pipermail/pycrypto/2014q1/000782.html @@ -0,0 +1,142 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<HTML> + <HEAD> + <TITLE> [pycrypto] Need your input: Major modernization; dropping legacy Python support? + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:pycrypto%40lists.dlitz.net?Subject=Re%3A%20%5Bpycrypto%5D%20Need%20your%20input%3A%20Major%20modernization%3B%0A%20dropping%20legacy%20Python%20support%3F&In-Reply-To=%3C20140222205050.GC7112%40ramacher.at%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <style type="text/css"> + pre { + white-space: pre-wrap; /* css-2.1, curent FF, Opera, Safari */ + } + </style> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="000771.html"> + <LINK REL="Next" HREF="000773.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[pycrypto] Need your input: Major modernization; dropping legacy Python support?</H1> + <B>Sebastian Ramacher</B> + <A HREF="mailto:pycrypto%40lists.dlitz.net?Subject=Re%3A%20%5Bpycrypto%5D%20Need%20your%20input%3A%20Major%20modernization%3B%0A%20dropping%20legacy%20Python%20support%3F&In-Reply-To=%3C20140222205050.GC7112%40ramacher.at%3E" + TITLE="[pycrypto] Need your input: Major modernization; dropping legacy Python support?">sebastian+lists at ramacher.at + </A><BR> + <I>Sat Feb 22 12:50:50 PST 2014</I> + <P><UL> + <LI>Previous message: <A HREF="000771.html">[pycrypto] Need your input: Major modernization; dropping legacy Python support? +</A></li> + <LI>Next message: <A HREF="000773.html">[pycrypto] Public Key (X.509) in Modulus/Exponent Format +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#782">[ date ]</a> + <a href="thread.html#782">[ thread ]</a> + <a href="subject.html#782">[ subject ]</a> + <a href="author.html#782">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>On 2014-02-06 09:51:39, Dwayne Litzenberger wrote: +><i> On Wed, Oct 30, 2013 at 06:24:48PM +0100, Sebastian Ramacher wrote: +</I>><i> >>2. I'm thinking of pulling in additional dependencies (e.g. cffi), +</I>><i> >>requiring setuptools, and basically joining what the rest of the +</I>><i> >>Python community is doing in 2013. +</I>><i> >> +</I>><i> >>3. What if src/*.c were removed, and any relevant C code moved into +</I>><i> >>an independent library, which could be loaded using cffi? (This +</I>><i> >>is basically what we need to do to support PyPy properly.) +</I>><i> > +</I>><i> >I wouldn't mind if the C code is moved into a library, however cffi +</I>><i> >doesn't seem to be ready to be used in binary distributions without +</I>><i> >resorting to hacks ([1] for the upstream bug, [2] for a very short +</I>><i> >thread on debian-python). I'm told that this will be fixed in cffi at +</I>><i> >some point. +</I>><i> > +</I>><i> >I've always had a good experience with Cython. What do you thinkg about +</I>><i> >that? +</I>><i> > +</I>><i> >Anyway, as long as we are not starting to use ctypes, I'll be fine. +</I>><i> >Depending on the timeframe of this change, I'd prefer PyCrypto to use +</I>><i> >someting that does not require hacks in binary distributions. If cffi is +</I>><i> >fixed until the change happens, I won't complain. +</I>><i> > +</I>><i> >[1] <A HREF="https://bitbucket.org/cffi/cffi/issue/109/enable-sane-packaging-for-cffi">https://bitbucket.org/cffi/cffi/issue/109/enable-sane-packaging-for-cffi</A> +</I>><i> >[2] <A HREF="https://lists.debian.org/debian-python/2013/10/msg00070.html">https://lists.debian.org/debian-python/2013/10/msg00070.html</A> +</I>><i> +</I>><i> ctypes is definitely not on the list. +</I>><i> +</I>><i> From what I understand, CFFI will only try to build binaries if +</I>><i> they're not already found. I think as long as packages that use +</I>><i> CFFI include the appropriate rules in their `setup.py build_ext` +</I>><i> process, it shouldn't be a problem. (I'd certainly work with you to +</I>><i> make sure the packaging isn't a nightmare.) +</I> +cffi 0.8 has been released in the meantime. I hope the issues have been +fixed, but I haven't had the time to check out the new version. + +><i> >>4. What if Crypto.* became a wrapper around some other crypto library? +</I>><i> > +</I>><i> >This depends on the crypto library you're thinking of. If it's openssl, +</I>><i> >then all the GPL licensed reverse dependencies might have a problem (at +</I>><i> >least in Debian). +</I>><i> > +</I>><i> >>5. The Apache License 2.0. What if PyCrypto were licensed under it, +</I>><i> >>or included dependencies that are licensed under it? +</I>><i> > +</I>><i> >With my Debian maintainer hat on, this would be a problem for me. We +</I>><i> >still ship software that is GPL 2 only that depends on PyCrypto. +</I>><i> >However, GPL 2 and the Apache License 2.0 are incompatible. +</I>><i> > +</I>><i> >Examples of these packages include revelation and pymsnt (I stopped +</I>><i> >searching for GPL 2 only reverse dependencies after I've found two). +</I>><i> > +</I>><i> >Of course, if the license changes or python-crypto starts depending on +</I>><i> >something licensed under Apache 2.0 this needs to be checked on a case by +</I>><i> >case basis, but I'd rather avoid it if there is no really good reason to +</I>><i> >do so. +</I>><i> +</I>><i> Ugh, GPL 2 only. I wish people would at least do "or any later +</I>><i> version". +</I>><i> +</I>><i> I'm thinking of merging with the folks at <A HREF="https://cryptography.io/,">https://cryptography.io/,</A> +</I>><i> which is covered by an Apache 2.0 license. +</I> +What is the merge going to look like? + +><i> How bad is the situation with GPL2-only packages? +</I> +I'll check the reverse dependencies in a couple of days. + +Regards +-- +Sebastian Ramacher +-------------- next part -------------- +A non-text attachment was scrubbed... +Name: signature.asc +Type: application/pgp-signature +Size: 819 bytes +Desc: Digital signature +URL: <<A HREF="http://lists.dlitz.net/pipermail/pycrypto/attachments/20140222/0da79cc2/attachment.sig">http://lists.dlitz.net/pipermail/pycrypto/attachments/20140222/0da79cc2/attachment.sig</A>> +</PRE> + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="000771.html">[pycrypto] Need your input: Major modernization; dropping legacy Python support? +</A></li> + <LI>Next message: <A HREF="000773.html">[pycrypto] Public Key (X.509) in Modulus/Exponent Format +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#782">[ date ]</a> + <a href="thread.html#782">[ thread ]</a> + <a href="subject.html#782">[ subject ]</a> + <a href="author.html#782">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">More information about the pycrypto +mailing list</a><br> +</body></html> |