[rust-dev] Moving libcrypto back into rust repo?
smcarthur at mozilla.com
Wed Jan 29 11:32:09 PST 2014
On Wed, Jan 29, 2014 at 11:17 AM, Tony Arcieri <bascule at gmail.com> wrote:
> As it were, ruby-core is now talking about extracting OpenSSL into a
> separate library packaged independently from the standard distribution.
> They are not cryptographic domain experts, don't want to be responsible for
> it, and having it in the standard library limits their agility around
> incident response when security problems are discovered.
Understandable. Though, packaging bindings to a mature implementation would
reduce the need for experts in Rust, and still give users the "this is
audited crypto code, use it" message.
> rust-crypto is a brand new implementation of a bunch of crypto which
> hasn't been well-audited. That alone should worry you.
I was under the impression that rust-crypto was extra::crypto moved into a
separate library. I could be wrong.
> I would definitely not be a fan of a non-battle hardened crypto library
> being in core Rust.
I wouldn't be either. Whichever library is used, Rust could call it
libcrypto, and I as a user can trust that it's a good library that I can
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Rust-dev