[Cryptography Team] RFC: Consolidating the Cryptography library for a general release

Philippe Marschall philippe.marschall at gmail.com
Sun Apr 22 07:48:45 UTC 2007 

2007/4/21, Robert Withers <reefedjib at yahoo.com>:
>
> On Apr 21, 2007, at 10:26 AM, Philippe Marschall wrote:
>
> > 2007/4/21, Robert Withers <reefedjib at yahoo.com>:
> >> Hi Philippe,
> >>
> >> I hadn't realized that Configurations had been fixed in 3.9.  They
> >> were broken badly in 3.8.
> >
> > They don't work out of the box in 3.9, you're right about that. I
> > don't know what the situation on 3.8.1 is.
>
> I'm sorry but I don't think it is suitable to deploy Cryptography
> using a mechanism that does not work out of the box.  It has been two
> cycles (3.8 and 3.9) where this problem has existed without being
> repaired.  We are trying to arrive at a solution to allow users to
> load Cryptography out of the box, so they can start using
> applications that are built on top of Cryptography, like SMIME and
> SSL.  I think consolidating the library makes perfect sense, and if
> someone needs a slimmed down version we can create one for them.  I'm
> sorry if a little frustration is coming through, but Monticello is a
> fantastic product that I use everyday, but we have tried to notify
> people of the problem with Configurations and nothing was done.  I
> would love to use it if it worked out of the box in 3.9.  Maybe a fix
> could be added to 3.10.

You don't need to tell me, I'm neither maintainer of Monticello (yes
Monticello has a maintainer) or Monticello Configurations neither am I
in the release team. I'm just submitting patches.

> >
> >> This would certainly be a solution to load
> >> the various Crypto packages, and it would have the advantage of
> >> allowing people to load a smaller subset for constrained devices.
> >> I'll take you up on you offer to build a Configuration file for us.
> >> Is it possible to nest one configuration inside of another?
> >
> > No.
>
> Bummer.
>
> >
> >> If I
> >> build a SSL configuration, I would want to load the Cryptography
> >> configuration with it.  O is this what Universes will deliver to us.
> >> Slightly confused.
> >
> > Universes supports dependencies afaik.
>
> Maybe this is now the solution, to add all packages to a Universe.  I
> wonder if Universes can be nested.

I don't know enough about Universes.

> >
> >> Here is my in-order list of packages for the Cryptography
> >> Configuration:
> >>
> >> Cryptography-Core
> >> Cryptography-ARC2
> >> Cryptography-RC4
> >> Cryptography-MD4
> >> Cryptography-MD5
> >> Cryptography-SHA1
> >> Cryptography-SHA256
> >> Cryptography-DES
> >> Cryptography-DSA
> >> Cryptography-RSA
> >> Cryptography-ElGamal
> >> Cryptography-Rijndael
> >> Cryptography-RandomAndPrime
> >> Cryptography-ASN1
> >> Cryptography-X509
> >> Cryptography-PKCS12
> >> Cryptography-Tests
> >
> > http://mc.lukas-renggli.ch/spielverderber/Cryptography-pmm.1.mcm
> > (I don't have the commit right for the cryptography project on SqS)
>
> I tried but I couldn't load it.  Where is the patch for Configurations?

The main problem is actually not Configurations but Monticello. There
are about three (maybe now four versions from which you can pick:

http://bugs.squeak.org/view.php?id=5217
http://bugs.squeak.org/view.php?id=4991
http://www.squeaksource.com/Trike.html

For 3.8 you might want to the one from the Impara repository:
http://source.impara.de/mc

Cheers
Philippe

> thanks and cheers,
> Rob
>
> >
> > Cheers
> > Philippe
> >
> >> cheers,
> >> Rob
> >>
> >> On Apr 21, 2007, at 8:55 AM, Philippe Marschall wrote:
> >>
> >> > 2007/4/21, Robert Withers <reefedjib at yahoo.com>:
> >> >> This is a request for comment on consolidating the Cryptography
> >> >> library for a general release.  What I mean by that is
> >> consolidating
> >> >> to a single Monticello package, that would allow users to one-
> >> click
> >> >> load the basic library.  Currently there is an implicit load order
> >> >> which most users don't know.  We still don't have Configuration
> >> >> support so that isn't a solution right now.
> >> >
> >> > What's the problem there? If you can load it with Monticello it
> >> should
> >> > be no problem to have a Configuration Map for it. I could even
> >> build
> >> > you one. Just tell me what you want in and in which order.
> >> >
> >> > Cheers
> >> > Philippe
> >> >
> >> >> If this idea is supported, I suggest we look at all the
> >> packages and
> >> >> decide which are "in", then generate the Cryptography package with
> >> >> these packages loaded.
> >> >>
> >> >> Those packages that are not included, like Cryptography-SMIME for
> >> >> instance, should really be renamed to not have the Cryptography-
> >> >> prefix.  The old versions can be deleted to keep things clean.
> >> >>
> >> >> Those packages that are selected, and are determined to be
> >> complete,
> >> >> could be deleted as independent packages and we would just rely on
> >> >> them being in the consolidated package and develop there when
> >> >> needed.  After this first step is completed, we could reassign the
> >> >> classes to a more compact categorization.
> >> >>
> >> >> Below is a list of the packages.  Please vote and if your vote is
> >> >> yes, what are your package recommendations as described below.
> >> >>
> >> >> Rob
> >> >>
> >> >> Packages:
> >> >> Those with a '*' in front are my suggestions as to which is to be
> >> >> included in Cryptography.  Those with a '!' in front are my
> >> >> suggestions as to which should be renamed away from Cryptography-.
> >> >> Those with a '+++' are candidates for deletion, since they have
> >> been
> >> >> superseded.
> >> >>
> >> >> * Cryptography-ARC2
> >> >> * Cryptography-ASN1
> >> >> * Cryptography-Core
> >> >> * Cryptography-DES
> >> >> * Cryptography-DSA
> >> >> * Cryptography-ElGamal
> >> >> * Cryptography-MD4
> >> >> * Cryptography-MD5
> >> >> * Cryptography-PKCS12
> >> >> * Cryptography-RC4
> >> >> * Cryptography-RSA
> >> >> * Cryptography-RandomAndPrime
> >> >> * Cryptography-Rijndael
> >> >> * Cryptography-SHA1
> >> >> * Cryptography-SHA256
> >> >> ! Cryptography-SMIME
> >> >> ! Cryptography-SSL
> >> >> * Cryptography-Tests
> >> >> * Cryptography-X509
> >> >> +++Fortuna  (this exists in RandomAndPrime)
> >> >> ! Cryptography-MSCerts
> >> >> +++Cryptography-TLS (this is superseded by SSL)
> >> >> OpenPGP
> >> >>
> >> >> _______________________________________________
> >> >> Cryptography mailing list
> >> >> Cryptography at lists.squeakfoundation.org
> >> >> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/
> >> >> cryptography
> >> >>
> >> > _______________________________________________
> >> > Cryptography mailing list
> >> > Cryptography at lists.squeakfoundation.org
> >> > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/
> >> > cryptography
> >>
> >>
> >> _______________________________________________
> >> Cryptography mailing list
> >> Cryptography at lists.squeakfoundation.org
> >> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/
> >> cryptography
> >>
> >>
> >>
> > _______________________________________________
> > Cryptography mailing list
> > Cryptography at lists.squeakfoundation.org
> > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/
> > cryptography
>
>
> _______________________________________________
> Cryptography mailing list
> Cryptography at lists.squeakfoundation.org
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
>
>
>

More information about the Cryptography mailing list