[rust-dev] Moving libcrypto back into rust repo?

Gaetan gaetan at xeberon.net
Wed Jan 29 12:27:38 PST 2014


Bindings in standard library is really wierd, especially for porting and
maintaining on various system (linux, android,...)
Le 29 janv. 2014 20:32, "Sean McArthur" <smcarthur at mozilla.com> a écrit :

>
>
>
> On Wed, Jan 29, 2014 at 11:17 AM, Tony Arcieri <bascule at gmail.com> wrote:
>
>> As it were, ruby-core is now talking about extracting OpenSSL into a
>> separate library packaged independently from the standard distribution.
>> They are not cryptographic domain experts, don't want to be responsible for
>> it, and having it in the standard library limits their agility around
>> incident response when security problems are discovered.
>>
>
> Understandable. Though, packaging bindings to a mature implementation
> would reduce the need for experts in Rust, and still give users the "this
> is audited crypto code, use it" message.
>
>
>> rust-crypto is a brand new implementation of a bunch of crypto which
>> hasn't been well-audited. That alone should worry you.
>>
>
> I was under the impression that rust-crypto was extra::crypto moved into a
> separate library. I could be wrong.
>
>
>> I would definitely not be a fan of a non-battle hardened crypto library
>> being in core Rust.
>>
>
> I wouldn't be either. Whichever library is used, Rust could call it
> libcrypto, and I as a user can trust that it's a good library that I can
> use.
>
> _______________________________________________
> Rust-dev mailing list
> Rust-dev at mozilla.org
> https://mail.mozilla.org/listinfo/rust-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/rust-dev/attachments/20140129/037ee638/attachment.html>


More information about the Rust-dev mailing list