Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 28 Apr 2013 16:43:34 -0500
From: Rob Landley <rob@...dley.net>
To: musl@...ts.openwall.com
Cc: musl@...ts.openwall.com
Subject: Re: High-priority library replacements?

On 04/26/2013 10:47:29 AM, Rich Felker wrote:
> > > While writing your own "xyz" may be a good learning experience  
> and fun
> > > and so on, a crypto library faces some restrictions:
> > > -You will need to fix bugs promptly until you hand over  
> maintainership.
> > > (Otherwise, you become responsible when there's a vulnerability  
> that
> > > stays unfixed.)
> > Not really a problem for me.
> > BTW, latest official stable tomcrypt release was released in 2007.
> 
> Yes, that's because it's already very mature.. :) BTW, a big plus of
> that is that it would be safe to fork tomcrypt and fix any issues in
> it that aren't going to get fixed upstream, like global state, since
> maintaining a fork of a mature but clean codebase is almost no work.

I note that dropbear has been maintaining a de-factor fork of  
libtomcrypt all that time. Might want to coordinate with him if you're  
going to bother.

Rob

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.