All,
Ok so we have started a cryptography team. There is a new Cryptography List you can sign up at: http://lists.squeakfoundation.org/mailman/listinfo/cryptography
We are still looking for volunteers if you have an interest, have some experience, or need cryptography for your application please volunteer.
We are starting with ASN.1 which could also be used to help optimize communications between systems. From there we will move on to x.509v3 and PGP.
One of our members suggested that we contact Cincom, which we did. We asked if a port of Cincom code was possible, and we received a positive reply. The only issue that came up was about license rights. We are waiting for a more definite response, but so far they are not comfortable with Squeak license. They would prefer LGPL or the Artistic License for the code that we port from them directly.
I've read through them but I'm not an expert on licenses. Can you give me your reactions to using either one of these license models for our cryptography packages? What would the general reaction be? Has anyone compared the models enough to tell me the difference between Squeak and LGPL? For LGPL I understood the extra requirements to separate functionality of the package form the applications so that it can be run separately and the source code availability requirements which considering that this is smalltalk and source is always available we can include the license on the class comment to make sure that developers include this notice in their applications. We have not decided to go this route; we are just exploring the options.
Also, there are currently PKI classes in the base image. Those classes are duplicated in the current cryptographic package. Does anyone have an opinion on whether or not cryptographic classes should be in the base image? If so what pieces do you think should be there?
Your thoughts are welcome.
Thanks,
Ron Teitelbaum