From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/3232 Path: news.gmane.org!not-for-mail From: Rob Landley Newsgroups: gmane.linux.lib.musl.general Subject: Re: High-priority library replacements? Date: Sun, 28 Apr 2013 16:43:34 -0500 Message-ID: <1367185414.18069.174@driftwood> References: <20130425041553.GA13951@brightrain.aerifal.cx> <20130426005545.GA7923@Caracal> <20130426154728.GQ20323@brightrain.aerifal.cx> Reply-To: musl@lists.openwall.com NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii; DelSp=Yes; Format=Flowed Content-Transfer-Encoding: quoted-printable X-Trace: ger.gmane.org 1367190235 9888 80.91.229.3 (28 Apr 2013 23:03:55 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Sun, 28 Apr 2013 23:03:55 +0000 (UTC) Cc: musl@lists.openwall.com To: musl@lists.openwall.com Original-X-From: musl-return-3236-gllmg-musl=m.gmane.org@lists.openwall.com Mon Apr 29 01:03:59 2013 Return-path: Envelope-to: gllmg-musl@plane.gmane.org Original-Received: from mother.openwall.net ([195.42.179.200]) by plane.gmane.org with smtp (Exim 4.69) (envelope-from ) id 1UWadT-0006mU-At for gllmg-musl@plane.gmane.org; Mon, 29 Apr 2013 01:03:59 +0200 Original-Received: (qmail 17467 invoked by uid 550); 28 Apr 2013 23:03:58 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: Original-Received: (qmail 17444 invoked from network); 28 Apr 2013 23:03:57 -0000 X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-received:date:from:subject:to:cc:references:in-reply-to:x-mailer :message-id:mime-version:content-type:content-disposition :content-transfer-encoding:x-gm-message-state; bh=WjXIqRODyB+XDrilX+ukQN0+jMa7TYELQHBni+MpKWs=; b=eH7KcR7uTnEnI5yi8BXqgcZ7ZLLtbyfi25NhHtT8TaaFajpsTI02FP2IevpBzcnCBc K4bvZqHXO5oHrEMqimJdUEHioAiYWgE/tnii0skw8OtIk9pSl82MNBFhrjUkzGJP1KEg WQ49kox2YSavhiKylUY25e9LeGmvOKhcpJyHs2npSaejE3Rk1px39Pdkn462BjW2wBxN 8X1KSLeBpaxajrGtE6oVVc/DR+bkczZo3b0Zz1tGNuwmiFg+fzF7TuMjR5BXkK7iPIrE ikL7KSoZPNpt1XkxvLyZqGkVGeUvzMHOwZudWzzO+RjAAc0aVsBZCxZ6hde00XehoPYE HT2A== X-Received: by 10.42.48.7 with SMTP id q7mr2927icf.35.1367190225538; Sun, 28 Apr 2013 16:03:45 -0700 (PDT) In-Reply-To: <20130426154728.GQ20323@brightrain.aerifal.cx> (from dalias@aerifal.cx on Fri Apr 26 10:47:29 2013) X-Mailer: Balsa 2.4.11 Content-Disposition: inline X-Gm-Message-State: ALoCoQnUNx/N66hvH4LxyhVQEz72B7x8oK8znR1Qiy/hZqiyz36VCeAZCvrHqkZWWN/tfTFSlEds Xref: news.gmane.org gmane.linux.lib.musl.general:3232 Archived-At: On 04/26/2013 10:47:29 AM, Rich Felker wrote: > > > While writing your own "xyz" may be a good learning experience =20 > and fun > > > and so on, a crypto library faces some restrictions: > > > -You will need to fix bugs promptly until you hand over =20 > maintainership. > > > (Otherwise, you become responsible when there's a vulnerability =20 > that > > > stays unfixed.) > > Not really a problem for me. > > BTW, latest official stable tomcrypt release was released in 2007. >=20 > Yes, that's because it's already very mature.. :) BTW, a big plus of > that is that it would be safe to fork tomcrypt and fix any issues in > it that aren't going to get fixed upstream, like global state, since > maintaining a fork of a mature but clean codebase is almost no work. I note that dropbear has been maintaining a de-factor fork of =20 libtomcrypt all that time. Might want to coordinate with him if you're =20 going to bother. Rob=