<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
 <HEAD>
   <TITLE> [pycrypto] Is PyCrypto dead?
   </TITLE>
   <LINK REL="Index" HREF="index.html" >
   <LINK REL="made" HREF="mailto:pycrypto%40lists.dlitz.net?Subject=Re%3A%20%5Bpycrypto%5D%20Is%20PyCrypto%20dead%3F&In-Reply-To=%3CCAEncD4dOhvNMV2K2_b48tboSQ4wkCkMVQ_iiyGiHdKFErZU17Q%40mail.gmail.com%3E">
   <META NAME="robots" CONTENT="index,nofollow">
   <style type="text/css">
       pre {
           white-space: pre-wrap;       /* css-2.1, curent FF, Opera, Safari */
           }
   </style>
   <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
   <LINK REL="Previous"  HREF="000809.html">
   <LINK REL="Next"  HREF="000812.html">
 </HEAD>
 <BODY BGCOLOR="#ffffff">
   <H1>[pycrypto] Is PyCrypto dead?</H1>
    <B>Dave Pawson</B> 
    <A HREF="mailto:pycrypto%40lists.dlitz.net?Subject=Re%3A%20%5Bpycrypto%5D%20Is%20PyCrypto%20dead%3F&In-Reply-To=%3CCAEncD4dOhvNMV2K2_b48tboSQ4wkCkMVQ_iiyGiHdKFErZU17Q%40mail.gmail.com%3E"
       TITLE="[pycrypto] Is PyCrypto dead?">dave.pawson at gmail.com
       </A><BR>
    <I>Mon May 12 10:49:11 PDT 2014</I>
    <P><UL>
        <LI>Previous message: <A HREF="000809.html">[pycrypto] Is PyCrypto dead?
</A></li>
        <LI>Next message: <A HREF="000812.html">[pycrypto] Is PyCrypto dead?
</A></li>
         <LI> <B>Messages sorted by:</B> 
              <a href="date.html#810">[ date ]</a>
              <a href="thread.html#810">[ thread ]</a>
              <a href="subject.html#810">[ subject ]</a>
              <a href="author.html#810">[ author ]</a>
         </LI>
       </UL>
    <HR>  
<!--beginarticle-->
<PRE>I've insufficient knowledge to tweak code.
I do believe the documentation could be improved.
How to split out the documentation into n parts,
at least one favouring usage, examples, testing etc.
If I believed the list/site was live, I would work on that
and submit it for review.
 The requirement surely is to document fully the API, but
also provide ... a guidance /usage document set?

Getting no response from the maintainer is not conducive to submitting anything?



regards



On 12 May 2014 17:03, Dwayne Litzenberger &lt;<A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">dlitz at dlitz.net</A>&gt; wrote:
&gt;<i> It's not dead.  Due to some personal issues, I just have very little time to
</I>&gt;<i> work on the project right now, and unfortunately I haven't been able to find
</I>&gt;<i> someone I trust to hand off maintenance to.  It seems that most contributors
</I>&gt;<i> either want to add their pet algorithms[1] (increasing maintenance
</I>&gt;<i> overhead)---or they introduce potentially serious vulnerabilities[2][3],
</I>&gt;<i> bizarre[4] or inconsistent[5] APIs, performance issues, etc.
</I>&gt;<i>
</I>&gt;<i> That's fine; Crypto is hard, but it means progress is slow, because I have
</I>&gt;<i> to go over everything with a fine-toothed comb, and it's hard to find the
</I>&gt;<i> time to do it, and I'm reluctant to merge code that might make things worse for
</I>&gt;<i> existing end-users, even if this makes some developers unhappy.
</I>&gt;<i>
</I>&gt;<i> If a fork is necessary, Sebastian Ramacher is probably the person I trust
</I>&gt;<i> the most---at the moment---to maintain it.  His patches have been
</I>&gt;<i> consistently good, albeit small, and he's the Debian package maintainer, so
</I>&gt;<i> a lot of people are already implicitly relying on him anyway.
</I>&gt;<i>
</I>&gt;<i> I'm hoping to spend more time on the project soon, but my availability is
</I>&gt;<i> hard to predict in advance.  Hopefully, things will be better in the next
</I>&gt;<i> 6-12 months, but I can't promise anything.
</I>&gt;<i>
</I>&gt;<i> In the meantime, there are a few things that might help in the short term:
</I>&gt;<i>
</I>&gt;<i> - Having some process for triage &amp; code review, so that the community can
</I>&gt;<i> vet and patches, and also ensure that the master branch remains in a
</I>&gt;<i> releasable state.  Right now, I have an unordered set of pull requests to
</I>&gt;<i> deal with.  It would be great if this became a queue that was prioritized
</I>&gt;<i> according to quality and the current release goals.
</I>&gt;<i>
</I>&gt;<i> - CI infrastructure.  It would be really helpful if all pull requests were
</I>&gt;<i> automatically tested against.  Like [6], but actually covering all
</I>&gt;<i> currently supported configurations.
</I>&gt;<i>
</I>&gt;<i> - Moving bug tracking to GitHub (from Launchpad).  Using both tools has
</I>&gt;<i> been pretty cumbersome, but I've been reluctant to disrupt things.  Any
</I>&gt;<i> objections to this?
</I>&gt;<i>
</I>&gt;<i> - If anyone is in/near San Francisco and wants to help with this, it might
</I>&gt;<i> help if we introduced ourselves in person.
</I>&gt;<i>
</I>&gt;<i> Does anyone want to champion this?
</I>&gt;<i>
</I>&gt;<i> Regards,
</I>&gt;<i> - Dwayne
</I>&gt;<i>
</I>&gt;<i> [1] <A HREF="https://github.com/dlitz/pycrypto/pull/76">https://github.com/dlitz/pycrypto/pull/76</A>
</I>&gt;<i> [2] <A HREF="https://github.com/dlitz/pycrypto/pull/50">https://github.com/dlitz/pycrypto/pull/50</A>
</I>&gt;<i> [3] <A HREF="https://bugs.launchpad.net/pycrypto/+bug/1176482">https://bugs.launchpad.net/pycrypto/+bug/1176482</A>
</I>&gt;<i> [4]
</I>&gt;<i> <A HREF="https://github.com/dlitz/pycrypto/blob/f9a0fc77e1c8847c1a17503e5a1b86a409b8cb2d/lib/Crypto/PublicKey/RSA.py#L318">https://github.com/dlitz/pycrypto/blob/f9a0fc77e1c8847c1a17503e5a1b86a409b8cb2d/lib/Crypto/PublicKey/RSA.py#L318</A>
</I>&gt;<i> [5] <A HREF="https://bugs.launchpad.net/pycrypto/+bug/1132550">https://bugs.launchpad.net/pycrypto/+bug/1132550</A>
</I>&gt;<i> [6] <A HREF="https://github.com/dlitz/pycrypto/pull/60">https://github.com/dlitz/pycrypto/pull/60</A>
</I>&gt;<i>
</I>&gt;<i> On Mon, Apr 21, 2014 at 09:44:16PM +0200, Legrandin wrote:
</I>&gt;&gt;<i>
</I>&gt;&gt;<i> Is PyCrypto dead?
</I>&gt;&gt;<i>
</I>&gt;&gt;<i> If one had to judge from the speed security flaws are recognized,
</I>&gt;&gt;<i> fixed and disclosed [1], then no, pycrypto is definitely not dead.
</I>&gt;&gt;<i> Other, more active FOSS libraries should take notes in fact.
</I>&gt;&gt;<i>
</I>&gt;&gt;<i> However, when it comes to adding new features (as in, catching up with the
</I>&gt;&gt;<i> needs of a normal security application in 2014) and refactoring the
</I>&gt;&gt;<i> existing ones, pycrypto is deep frozen. Bug reports keep piling up and it
</I>&gt;&gt;<i> can easily take a couple of years for a pull request to finally end up in a release.
</I>&gt;&gt;<i>
</I>&gt;&gt;<i> Every now and then, I can read on the ML proposals and intentions for
</I>&gt;&gt;<i> major (and IMO, not entirely needed) overhauls, but they never seem to
</I>&gt;&gt;<i> translate into anything solid. Worse than that, their completion is set as the
</I>&gt;&gt;<i> precondition for acceptance of any new feature, which further exacerbates
</I>&gt;&gt;<i> the problem.
</I>&gt;&gt;<i>
</I>&gt;&gt;<i> What can be done to improve on that?
</I>&gt;&gt;<i> Would setting up a tip jar help?
</I>&gt;&gt;<i> Would a fork of the library be seen as hostile?
</I>&gt;&gt;<i>
</I>&gt;&gt;<i> Finally, I am aware of the existence of the cryptography project [1].
</I>&gt;&gt;<i> It does *not* cover my needs and I do *not* agree with some of the
</I>&gt;&gt;<i> principles and motivations behind that design, though its dev and test
</I>&gt;&gt;<i> processes are clearly sound.
</I>&gt;&gt;<i>
</I>&gt;&gt;<i> [1] <A HREF="http://lists.dlitz.net/pipermail/pycrypto/2013q4/000702.html">http://lists.dlitz.net/pipermail/pycrypto/2013q4/000702.html</A>
</I>&gt;&gt;<i> [2] <A HREF="https://cryptography.io">https://cryptography.io</A>
</I>&gt;<i>
</I>&gt;<i>
</I>&gt;&gt;<i> _______________________________________________
</I>&gt;&gt;<i> pycrypto mailing list
</I>&gt;&gt;<i> <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">pycrypto at lists.dlitz.net</A>
</I>&gt;&gt;<i> <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto</A>
</I>&gt;<i>
</I>&gt;<i>
</I>&gt;<i>
</I>&gt;<i> --
</I>&gt;<i> Dwayne C. Litzenberger &lt;<A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">dlitz at dlitz.net</A>&gt;
</I>&gt;<i>  OpenPGP: 19E1 1FE8 B3CF F273 ED17  4A24 928C EC13 39C2 5CF7
</I>&gt;<i> _______________________________________________
</I>&gt;<i> pycrypto mailing list
</I>&gt;<i> <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">pycrypto at lists.dlitz.net</A>
</I>&gt;<i> <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto</A>
</I>


-- 
Dave Pawson
XSLT XSL-FO FAQ.
Docbook FAQ.
<A HREF="http://www.dpawson.co.uk">http://www.dpawson.co.uk</A>
</PRE>


<!--endarticle-->
<hr>
<a href="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">More information about the pycrypto
mailing list</a><br>
</body></html>