[Cryptography Team] RFC: Consolidating the Cryptography library fora general release

Ron Teitelbaum Ron at USMedRec.com
Sun Apr 22 03:32:31 UTC 2007 

I agree that there is no need to have separate packages for cryptography.
Our original goal was to allow separate base algorithms to be loaded
individually but there have already been a number of problems with
dependencies, especially the need to load MD5 before other packages.  I
agree with your assessment, and baring no other objections from the team, I
would support consolidating base algorithms into Cryptography, and
applications into separate packages.

Ron

> -----Original Message-----
> From: Robert Withers [mailto:reefedjib at yahoo.com]
> Sent: Saturday, April 21, 2007 11:31 AM
> To: Ron at USMedRec.com; Cryptography Team Development List
> Subject: Re: [Cryptography Team] RFC: Consolidating the Cryptography
> library fora general release
> 
> Hi Ron,
> 
> 
> On Apr 20, 2007, at 7:53 PM, Ron Teitelbaum wrote:
> 
> > Hi Rob,
> >
> > Very cool about the SMIME work I'm looking forward to working with it.
> 
> I have one last bug to fix for signatures.
> 
> > There is some working and useful code in MSCerts and I need to
> > review TLS
> > for any dependencies.  Also the work that I started which
> > integrates SSL
> > with Kom is there, I think in the tls package, so as long as we
> > don't delete
> > them I'm ok with renaming them.  Were you planning on moving SSL
> > and SMIME
> > into another repository or just renaming them within the Cryptography
> > repository?
> 
> I was just going to re-categorize them and republish them as SSL and
> SMIME, but leave them in this repository.  I have already done this
> locally for SMIME, but I am waiting for the go ahead on the
> consolidation.
> 
> > We originally separated them out so that someone could select which
> > components they needed.
> 
> I thought it was done to assist with concurrent development, but most
> of it is stable now.
> 
> > I agree with you that this introduced some load
> > dependencies.  Also the size of the classes themselves is not large
> > enough
> > to really warrant their own packages.  We probably introduced more
> > problems
> > and confusion then we solved.  So I agree with your suggestion and
> > would
> > support having one cryptography package with all the component
> > algorithms,
> > and then separate packages for applications.  I should also move my
> > KeyHolder and my PasswordSaltAndStretch somewhere.  I'm not sure
> > they are
> > components but they are not really applications either.  Suggestions?
> 
> I think something in RC2 or something uses KeyHolder, et al.   Let's
> leave them in.
> 
> So you agree with my package allocation?
> 
> Rob
> 
> >
> > Ron
> >
> >> -----Original Message-----
> >> From: Robert Withers
> >>
> >> This is a request for comment on consolidating the Cryptography
> >> library for a general release.  What I mean by that is consolidating
> >> to a single Monticello package, that would allow users to one-click
> >> load the basic library.  Currently there is an implicit load order
> >> which most users don't know.  We still don't have Configuration
> >> support so that isn't a solution right now.
> >>
> >> If this idea is supported, I suggest we look at all the packages and
> >> decide which are "in", then generate the Cryptography package with
> >> these packages loaded.
> >>
> >> Those packages that are not included, like Cryptography-SMIME for
> >> instance, should really be renamed to not have the Cryptography-
> >> prefix.  The old versions can be deleted to keep things clean.
> >>
> >> Those packages that are selected, and are determined to be complete,
> >> could be deleted as independent packages and we would just rely on
> >> them being in the consolidated package and develop there when
> >> needed.  After this first step is completed, we could reassign the
> >> classes to a more compact categorization.
> >>
> >> Below is a list of the packages.  Please vote and if your vote is
> >> yes, what are your package recommendations as described below.
> >>
> >> Rob
> >>
> >> Packages:
> >> Those with a '*' in front are my suggestions as to which is to be
> >> included in Cryptography.  Those with a '!' in front are my
> >> suggestions as to which should be renamed away from Cryptography-.
> >> Those with a '+++' are candidates for deletion, since they have been
> >> superseded.
> >>
> >> * Cryptography-ARC2
> >> * Cryptography-ASN1
> >> * Cryptography-Core
> >> * Cryptography-DES
> >> * Cryptography-DSA
> >> * Cryptography-ElGamal
> >> * Cryptography-MD4
> >> * Cryptography-MD5
> >> * Cryptography-PKCS12
> >> * Cryptography-RC4
> >> * Cryptography-RSA
> >> * Cryptography-RandomAndPrime
> >> * Cryptography-Rijndael
> >> * Cryptography-SHA1
> >> * Cryptography-SHA256
> >> ! Cryptography-SMIME
> >> ! Cryptography-SSL
> >> * Cryptography-Tests
> >> * Cryptography-X509
> >> +++Fortuna  (this exists in RandomAndPrime)
> >> ! Cryptography-MSCerts
> >> +++Cryptography-TLS (this is superseded by SSL)
> >> OpenPGP
> >>
> >> _______________________________________________
> >> Cryptography mailing list
> >> Cryptography at lists.squeakfoundation.org
> >> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/
> >> cryptography
> >
> > _______________________________________________
> > Cryptography mailing list
> > Cryptography at lists.squeakfoundation.org
> > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/
> > cryptography

More information about the Cryptography mailing list