[rust-dev] Moving libcrypto back into rust repo?

Sean McArthur smcarthur at mozilla.com
Wed Jan 29 11:32:09 PST 2014


On Wed, Jan 29, 2014 at 11:17 AM, Tony Arcieri <bascule at gmail.com> wrote:

> As it were, ruby-core is now talking about extracting OpenSSL into a
> separate library packaged independently from the standard distribution.
> They are not cryptographic domain experts, don't want to be responsible for
> it, and having it in the standard library limits their agility around
> incident response when security problems are discovered.
>

Understandable. Though, packaging bindings to a mature implementation would
reduce the need for experts in Rust, and still give users the "this is
audited crypto code, use it" message.


> rust-crypto is a brand new implementation of a bunch of crypto which
> hasn't been well-audited. That alone should worry you.
>

I was under the impression that rust-crypto was extra::crypto moved into a
separate library. I could be wrong.


> I would definitely not be a fan of a non-battle hardened crypto library
> being in core Rust.
>

I wouldn't be either. Whichever library is used, Rust could call it
libcrypto, and I as a user can trust that it's a good library that I can
use.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/rust-dev/attachments/20140129/764e3309/attachment.html>


More information about the Rust-dev mailing list