[Cryptography Team] Re: [squeak-dev] Re: Cryptography
Rob Withers
reefedjib at yahoo.com
Wed Jun 30 18:09:40 UTC 2010
--------------------------------------------------
From: "C. David Shaffer" <cdshaffer at acm.org>
Sent: Wednesday, June 30, 2010 12:11 PM
To: "The general-purpose Squeak developers list"
<squeak-dev at lists.squeakfoundation.org>; "Ron Teitelbaum"
<Ron at USMedRec.com>; "Squeak Cryptography"
<cryptography at lists.squeakfoundation.org>
Subject: [squeak-dev] Re: Cryptography
> On 06/29/10 22:36, Rob Withers wrote:
>> Hi David,
>>
>> I am CCing the squeak-dev list.
>>
>> I had tried to contact Ron over the weekend, since he is the admin for
>> the SqueakSource Cryptography package. I needed to add you as a
>> member of the Crypto team. That's right, you are a member now. I
>> didn't hear from him so the email address may be bad. We'll see if
>> we hear from him in the future. I hope so.
>>
>> Do you have the link to the Crypto mailing list?
> Yes, do we move this discussion there?
We can discuss in one or both. Your choice. I think the most visibility
will be from discussing it on squeak-dev.
>
>>
>> I agree we should do this in public. I would suggest the squeak-dev
>> list.
>>
>> We may have several "forks" and/or subsequent work done from the root
>> package.
>>
>> The root package for SSL is in the Monticello repository
>> http://www.squeaksource.com/Cryptography, but it may not be the
>> latest. I think that the SSL package there is the latest...Whoa! I
>> just checked again and new SSL packages were inserted 2 days ago. The
>> latest there used to be SSL-rww.4.mcz and now there is a SSL-jrd.12.mcz.
>
> Yes, I copied the mods from the croquet-source repo. SSL was easy as
> there were no forks. jrd.12 is the version I am using and it is working
> pretty well. I did have some intermittent failures when I was first
> moving to Squeak4.1 but those might have been due to errant versions of
> the Cryptography package. I will do a fresh build and verify this
> version.
>
Ah, excellent. I also have SSL-jrd.12.mcz loaded.
I have one class in SSL that I use in SqueakElib. When I load both, it rips
it from one location and places it in another (different categories).
Stéphane Ducasse has pointed me to metacello
(http://gemstonesoup.wordpress.com/2009/08/25/metacello-package-management-for-monticello/),
which is a package management system. It allows one to load dependent
packages. You might want to look into it.
>>
>> The root package for Cryptography is in the same repository, but it is
>> less clear which is the latest and greatest. There is a mixture of
>> version numbers. I am using Cryptography-cmm.13.mcz. All tests pass
>> except for a Rindael test and an X509 test (due to bad validity dates).
>>
>> I know there is packages in
>> http://croquet-src-01.oit.duke.edu:8886/Contributions. SSL look like
>> the ones now in the Cryptography repository above. The Cryptography
>> packages in Contributions look like they are also in the Cryptography
>> repository, but mixed up with other work. In Contributions, there is
>> the sequence of packages:
>>
>> Cryptography-RJT.10.mcz (the root package)
>> Cryptography-jrd.11.mcz
>> Cryptography-jrd.12.mcz
>> Cryptography-mtf.13.mcz
>>
>> These are interwoven with other packages in the Cryptography
>> repository, with the same version numbers.
>
> Right, there are several forks to be reconciled. FWIW I am running
> mtf.13 as none of the versions from the original Cryptography repo had
> ASN.1 support needed to do SSL (SSL30 or TLS10/11). Unfortunately this
> version fails CryptoX509Test>>testSignatureValidation (as well as the
> Rindael test you mentioned). I am hoping the harvesting from the other
> forks will take care of this.
I need to fix the X509 error.
>
> At this point all of the croquet-source versions are in their rightful
> place in the Cryptography project on SqueakSource. The SqueakSource
> project contains no license information. It would be a very good idea
> to assign a license so that all contributions to this repo are
> automatically assigned that license. I think Ron needs to guide this
> process as this is his baby. At the very least Ron and all other
> contributors need to be asked to accept whatever license is selected or
> we will have to re-write those portions. I am happy to try to track
> everyone down but not without making sure Ron is receptive to this.
>
It was understood that we were doing work under the MIT license. It was
open development for anyone's use. I set the license in the Cryptography
repo.
Rob
> David
>
>
More information about the Cryptography
mailing list