[rust-dev] Moving libcrypto back into rust repo?

Tony Arcieri bascule at gmail.com
Wed Jan 29 11:17:56 PST 2014


On Wed, Jan 29, 2014 at 11:08 AM, Sean McArthur <smcarthur at mozilla.com>wrote:

> Considering the effort to break up libextra into multiple crates in
> #8784[1], could rust-crypto[2] be moved back into rust as libcrypto?
>

As it were, ruby-core is now talking about extracting OpenSSL into a
separate library packaged independently from the standard distribution.
They are not cryptographic domain experts, don't want to be responsible for
it, and having it in the standard library limits their agility around
incident response when security problems are discovered.

Some comments on the issue deviated about whether crypto should written
> *in* Rust, or just be bindings. As a user, I don't care how they are
> implemented, as long as the exposed API is Rust-like.
>

rust-crypto is a brand new implementation of a bunch of crypto which hasn't
been well-audited. That alone should worry you.

I would definitely not be a fan of a non-battle hardened crypto library
being in core Rust.

-- 
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/rust-dev/attachments/20140129/cf3f0df5/attachment.html>


More information about the Rust-dev mailing list