[Cryptography Team] RFC: Consolidating the Cryptography library fora general release

Robert Withers reefedjib at yahoo.com
Sat Apr 21 15:30:56 UTC 2007 

Hi Ron,


On Apr 20, 2007, at 7:53 PM, Ron Teitelbaum wrote:

> Hi Rob,
>
> Very cool about the SMIME work I'm looking forward to working with it.

I have one last bug to fix for signatures.

> There is some working and useful code in MSCerts and I need to  
> review TLS
> for any dependencies.  Also the work that I started which  
> integrates SSL
> with Kom is there, I think in the tls package, so as long as we  
> don't delete
> them I'm ok with renaming them.  Were you planning on moving SSL  
> and SMIME
> into another repository or just renaming them within the Cryptography
> repository?

I was just going to re-categorize them and republish them as SSL and  
SMIME, but leave them in this repository.  I have already done this  
locally for SMIME, but I am waiting for the go ahead on the  
consolidation.

> We originally separated them out so that someone could select which
> components they needed.

I thought it was done to assist with concurrent development, but most  
of it is stable now.

> I agree with you that this introduced some load
> dependencies.  Also the size of the classes themselves is not large  
> enough
> to really warrant their own packages.  We probably introduced more  
> problems
> and confusion then we solved.  So I agree with your suggestion and  
> would
> support having one cryptography package with all the component  
> algorithms,
> and then separate packages for applications.  I should also move my
> KeyHolder and my PasswordSaltAndStretch somewhere.  I'm not sure  
> they are
> components but they are not really applications either.  Suggestions?

I think something in RC2 or something uses KeyHolder, et al.   Let's  
leave them in.

So you agree with my package allocation?

Rob

>
> Ron
>
>> -----Original Message-----
>> From: Robert Withers
>>
>> This is a request for comment on consolidating the Cryptography
>> library for a general release.  What I mean by that is consolidating
>> to a single Monticello package, that would allow users to one-click
>> load the basic library.  Currently there is an implicit load order
>> which most users don't know.  We still don't have Configuration
>> support so that isn't a solution right now.
>>
>> If this idea is supported, I suggest we look at all the packages and
>> decide which are "in", then generate the Cryptography package with
>> these packages loaded.
>>
>> Those packages that are not included, like Cryptography-SMIME for
>> instance, should really be renamed to not have the Cryptography-
>> prefix.  The old versions can be deleted to keep things clean.
>>
>> Those packages that are selected, and are determined to be complete,
>> could be deleted as independent packages and we would just rely on
>> them being in the consolidated package and develop there when
>> needed.  After this first step is completed, we could reassign the
>> classes to a more compact categorization.
>>
>> Below is a list of the packages.  Please vote and if your vote is
>> yes, what are your package recommendations as described below.
>>
>> Rob
>>
>> Packages:
>> Those with a '*' in front are my suggestions as to which is to be
>> included in Cryptography.  Those with a '!' in front are my
>> suggestions as to which should be renamed away from Cryptography-.
>> Those with a '+++' are candidates for deletion, since they have been
>> superseded.
>>
>> * Cryptography-ARC2
>> * Cryptography-ASN1
>> * Cryptography-Core
>> * Cryptography-DES
>> * Cryptography-DSA
>> * Cryptography-ElGamal
>> * Cryptography-MD4
>> * Cryptography-MD5
>> * Cryptography-PKCS12
>> * Cryptography-RC4
>> * Cryptography-RSA
>> * Cryptography-RandomAndPrime
>> * Cryptography-Rijndael
>> * Cryptography-SHA1
>> * Cryptography-SHA256
>> ! Cryptography-SMIME
>> ! Cryptography-SSL
>> * Cryptography-Tests
>> * Cryptography-X509
>> +++Fortuna  (this exists in RandomAndPrime)
>> ! Cryptography-MSCerts
>> +++Cryptography-TLS (this is superseded by SSL)
>> OpenPGP
>>
>> _______________________________________________
>> Cryptography mailing list
>> Cryptography at lists.squeakfoundation.org
>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/ 
>> cryptography
>
> _______________________________________________
> Cryptography mailing list
> Cryptography at lists.squeakfoundation.org
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/ 
> cryptography

More information about the Cryptography mailing list