-------------------------------------------------- From: "C. David Shaffer" cdshaffer@acm.org Sent: Wednesday, June 30, 2010 12:11 PM To: "The general-purpose Squeak developers list" squeak-dev@lists.squeakfoundation.org; "Ron Teitelbaum" Ron@USMedRec.com; "Squeak Cryptography" cryptography@lists.squeakfoundation.org Subject: [squeak-dev] Re: Cryptography
On 06/29/10 22:36, Rob Withers wrote:
Hi David,
I am CCing the squeak-dev list.
I had tried to contact Ron over the weekend, since he is the admin for the SqueakSource Cryptography package. I needed to add you as a member of the Crypto team. That's right, you are a member now. I didn't hear from him so the email address may be bad. We'll see if we hear from him in the future. I hope so.
Do you have the link to the Crypto mailing list?
Yes, do we move this discussion there?
We can discuss in one or both. Your choice. I think the most visibility will be from discussing it on squeak-dev.
I agree we should do this in public. I would suggest the squeak-dev list.
We may have several "forks" and/or subsequent work done from the root package.
The root package for SSL is in the Monticello repository http://www.squeaksource.com/Cryptography, but it may not be the latest. I think that the SSL package there is the latest...Whoa! I just checked again and new SSL packages were inserted 2 days ago. The latest there used to be SSL-rww.4.mcz and now there is a SSL-jrd.12.mcz.
Yes, I copied the mods from the croquet-source repo. SSL was easy as there were no forks. jrd.12 is the version I am using and it is working pretty well. I did have some intermittent failures when I was first moving to Squeak4.1 but those might have been due to errant versions of the Cryptography package. I will do a fresh build and verify this version.
Ah, excellent. I also have SSL-jrd.12.mcz loaded.
I have one class in SSL that I use in SqueakElib. When I load both, it rips it from one location and places it in another (different categories). Stéphane Ducasse has pointed me to metacello (http://gemstonesoup.wordpress.com/2009/08/25/metacello-package-management-fo...), which is a package management system. It allows one to load dependent packages. You might want to look into it.
The root package for Cryptography is in the same repository, but it is less clear which is the latest and greatest. There is a mixture of version numbers. I am using Cryptography-cmm.13.mcz. All tests pass except for a Rindael test and an X509 test (due to bad validity dates).
I know there is packages in http://croquet-src-01.oit.duke.edu:8886/Contributions. SSL look like the ones now in the Cryptography repository above. The Cryptography packages in Contributions look like they are also in the Cryptography repository, but mixed up with other work. In Contributions, there is the sequence of packages:
Cryptography-RJT.10.mcz (the root package) Cryptography-jrd.11.mcz Cryptography-jrd.12.mcz Cryptography-mtf.13.mcz
These are interwoven with other packages in the Cryptography repository, with the same version numbers.
Right, there are several forks to be reconciled. FWIW I am running mtf.13 as none of the versions from the original Cryptography repo had ASN.1 support needed to do SSL (SSL30 or TLS10/11). Unfortunately this version fails CryptoX509Test>>testSignatureValidation (as well as the Rindael test you mentioned). I am hoping the harvesting from the other forks will take care of this.
I need to fix the X509 error.
At this point all of the croquet-source versions are in their rightful place in the Cryptography project on SqueakSource. The SqueakSource project contains no license information. It would be a very good idea to assign a license so that all contributions to this repo are automatically assigned that license. I think Ron needs to guide this process as this is his baby. At the very least Ron and all other contributors need to be asked to accept whatever license is selected or we will have to re-write those portions. I am happy to try to track everyone down but not without making sure Ron is receptive to this.
It was understood that we were doing work under the MIT license. It was open development for anyone's use. I set the license in the Cryptography repo.
Rob
David