[Cryptography Team] RFC: Consolidating the Cryptography library for a general release

Robert Withers reefedjib at yahoo.com
Sat Apr 21 18:01:22 UTC 2007 

On Apr 21, 2007, at 10:26 AM, Philippe Marschall wrote:

> 2007/4/21, Robert Withers <reefedjib at yahoo.com>:
>> Hi Philippe,
>>
>> I hadn't realized that Configurations had been fixed in 3.9.  They
>> were broken badly in 3.8.
>
> They don't work out of the box in 3.9, you're right about that. I
> don't know what the situation on 3.8.1 is.

I'm sorry but I don't think it is suitable to deploy Cryptography  
using a mechanism that does not work out of the box.  It has been two  
cycles (3.8 and 3.9) where this problem has existed without being  
repaired.  We are trying to arrive at a solution to allow users to  
load Cryptography out of the box, so they can start using  
applications that are built on top of Cryptography, like SMIME and  
SSL.  I think consolidating the library makes perfect sense, and if  
someone needs a slimmed down version we can create one for them.  I'm  
sorry if a little frustration is coming through, but Monticello is a  
fantastic product that I use everyday, but we have tried to notify  
people of the problem with Configurations and nothing was done.  I  
would love to use it if it worked out of the box in 3.9.  Maybe a fix  
could be added to 3.10.

>
>> This would certainly be a solution to load
>> the various Crypto packages, and it would have the advantage of
>> allowing people to load a smaller subset for constrained devices.
>> I'll take you up on you offer to build a Configuration file for us.
>> Is it possible to nest one configuration inside of another?
>
> No.

Bummer.

>
>> If I
>> build a SSL configuration, I would want to load the Cryptography
>> configuration with it.  O is this what Universes will deliver to us.
>> Slightly confused.
>
> Universes supports dependencies afaik.

Maybe this is now the solution, to add all packages to a Universe.  I  
wonder if Universes can be nested.

>
>> Here is my in-order list of packages for the Cryptography  
>> Configuration:
>>
>> Cryptography-Core
>> Cryptography-ARC2
>> Cryptography-RC4
>> Cryptography-MD4
>> Cryptography-MD5
>> Cryptography-SHA1
>> Cryptography-SHA256
>> Cryptography-DES
>> Cryptography-DSA
>> Cryptography-RSA
>> Cryptography-ElGamal
>> Cryptography-Rijndael
>> Cryptography-RandomAndPrime
>> Cryptography-ASN1
>> Cryptography-X509
>> Cryptography-PKCS12
>> Cryptography-Tests
>
> http://mc.lukas-renggli.ch/spielverderber/Cryptography-pmm.1.mcm
> (I don't have the commit right for the cryptography project on SqS)

I tried but I couldn't load it.  Where is the patch for Configurations?

thanks and cheers,
Rob

>
> Cheers
> Philippe
>
>> cheers,
>> Rob
>>
>> On Apr 21, 2007, at 8:55 AM, Philippe Marschall wrote:
>>
>> > 2007/4/21, Robert Withers <reefedjib at yahoo.com>:
>> >> This is a request for comment on consolidating the Cryptography
>> >> library for a general release.  What I mean by that is  
>> consolidating
>> >> to a single Monticello package, that would allow users to one- 
>> click
>> >> load the basic library.  Currently there is an implicit load order
>> >> which most users don't know.  We still don't have Configuration
>> >> support so that isn't a solution right now.
>> >
>> > What's the problem there? If you can load it with Monticello it  
>> should
>> > be no problem to have a Configuration Map for it. I could even  
>> build
>> > you one. Just tell me what you want in and in which order.
>> >
>> > Cheers
>> > Philippe
>> >
>> >> If this idea is supported, I suggest we look at all the  
>> packages and
>> >> decide which are "in", then generate the Cryptography package with
>> >> these packages loaded.
>> >>
>> >> Those packages that are not included, like Cryptography-SMIME for
>> >> instance, should really be renamed to not have the Cryptography-
>> >> prefix.  The old versions can be deleted to keep things clean.
>> >>
>> >> Those packages that are selected, and are determined to be  
>> complete,
>> >> could be deleted as independent packages and we would just rely on
>> >> them being in the consolidated package and develop there when
>> >> needed.  After this first step is completed, we could reassign the
>> >> classes to a more compact categorization.
>> >>
>> >> Below is a list of the packages.  Please vote and if your vote is
>> >> yes, what are your package recommendations as described below.
>> >>
>> >> Rob
>> >>
>> >> Packages:
>> >> Those with a '*' in front are my suggestions as to which is to be
>> >> included in Cryptography.  Those with a '!' in front are my
>> >> suggestions as to which should be renamed away from Cryptography-.
>> >> Those with a '+++' are candidates for deletion, since they have  
>> been
>> >> superseded.
>> >>
>> >> * Cryptography-ARC2
>> >> * Cryptography-ASN1
>> >> * Cryptography-Core
>> >> * Cryptography-DES
>> >> * Cryptography-DSA
>> >> * Cryptography-ElGamal
>> >> * Cryptography-MD4
>> >> * Cryptography-MD5
>> >> * Cryptography-PKCS12
>> >> * Cryptography-RC4
>> >> * Cryptography-RSA
>> >> * Cryptography-RandomAndPrime
>> >> * Cryptography-Rijndael
>> >> * Cryptography-SHA1
>> >> * Cryptography-SHA256
>> >> ! Cryptography-SMIME
>> >> ! Cryptography-SSL
>> >> * Cryptography-Tests
>> >> * Cryptography-X509
>> >> +++Fortuna  (this exists in RandomAndPrime)
>> >> ! Cryptography-MSCerts
>> >> +++Cryptography-TLS (this is superseded by SSL)
>> >> OpenPGP
>> >>
>> >> _______________________________________________
>> >> Cryptography mailing list
>> >> Cryptography at lists.squeakfoundation.org
>> >> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/
>> >> cryptography
>> >>
>> > _______________________________________________
>> > Cryptography mailing list
>> > Cryptography at lists.squeakfoundation.org
>> > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/
>> > cryptography
>>
>>
>> _______________________________________________
>> Cryptography mailing list
>> Cryptography at lists.squeakfoundation.org
>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/ 
>> cryptography
>>
>>
>>
> _______________________________________________
> Cryptography mailing list
> Cryptography at lists.squeakfoundation.org
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/ 
> cryptography

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2421 bytes
Desc: not available
Url : http://lists.squeakfoundation.org/pipermail/cryptography/attachments/20070421/abd64759/smime-0001.bin

More information about the Cryptography mailing list