OK, thanks for the detailed explanation.

First of all it seems like the biggest part of this is the already
existing Cryptography external package.  There is nothing that keeps you
from forking this package and continuing from there.  However I think
politeness dictates that you make a good faith effort to communicate
with the current package owner and the other package authors and see if
you can't work with them.  I think you should give Luciano at least a
week or two to respond, it's possible he's away on vacation or
something.  So send annother email to Luciano and all of the rest of the
authors indicating that you are interested in the future of this package
and would be willing to take responsibility for it.  Then let's give
them a couple of weeks at least to respond.  If there is no response
then maybe it's time to fork and I would ask you to come back to the
list with this if it comes to that.  Sound OK with you?

Regarding normalizing this package and the corresponding classes in the
image I think that's a very good goal.  In fact it may be the case that
the handful of classes still in the image should be extracted into the
package and be removed at least from the Basic image.  However that of
course depends on whether or not there are any dependencies on them.
This will need to be carefully considered.

At any rate I'm certainly in support of seeing you move support on this
along, I just want to see that we all make an effort to be reasonably
polite and avoid stepping on each other.

Ken

On Wed, 2005-10-19 at 13:21 -0400, Ron Teitelbaum wrote:
> Ken,
> 
> Cryptography,
> 
> Team goals: 
> 
> 1) Identify and isolate Cryptographic classes and define SM package for base
> image classes.
> 2) Maintain Current Cryptography Standards in the image.
> 3) Make sure that the external package stays current with image
> implementations. (SHA1 and SecureHashAlgorithm are copies of each other but
> there were differences in implementations.  I'm not sure why we need both
> but there you are.).
> 4) Fix errors in Cryptography in package or in image like
> ThrityTwoBitRegister, The byteArray appears to be implemented backwards.  We
> will need rights to make/change assignments in Mantis.
> 5) Get external US Government certification of Security for external package
> and image components.
> 6) Research and add cryptography as necessary to stay current with
> cryptographic changes in the industry.
> 7) Support CACert.
> 8) Integrate Signatures and Encryption into Email Packages.
> 9) Write Security Articles for cross promotion with squeak news team (and
> publish some articles outside this group for squeak promotion).
> 10) Start Cryptography list for people using the internal or external
> package for cryptographic news and alerts, or changes in implementations
> planned so that consumers of the cryptographic code can understand what
> changes are needed to integrate new code.
> 
> Oh yeah and get volunteers, if any, to join the team.
> 
> Scratching, 
> Ron
> 
> -----Original Message-----
> From: squeak-dev-bounces at lists.squeakfoundation.org
> [mailto:squeak-dev-bounces at lists.squeakfoundation.org] On Behalf Of Ken
> Causey
> Sent: Wednesday, October 19, 2005 12:30 PM
> To: Ron at USMedRec.com
> Cc: The general-purpose Squeak developers list
> Subject: Cryptography Team (was RE: Need to do something)
> 
> Ron,
> 
> This is great, thank you!
> 
> Where we need to start here though is in defining what you see yourself
> (your team) being responsible for.  The issue is that there is no
> current Cryptography PackageInfo defining the classes that would come
> under that definition.  Also there is already an SM package with this
> name.  The image itself contains at least a few Crypto related classes
> like DigitalSignatureAlgorithm, SecureHashAlgorithm, etc.  The SM
> package is distince from this and includes many other classes.
> 
> What we are really asking for here is maintainers for the code in the
> image.  That doesn't necessarily mean that you can't adopt an external
> package like Cryptography, but that doesn't (I don't think) come under
> the 'Need to do something' category.
> 
> At any rate what I'm asking here, first of all, is simply a clear
> definition from you as to what you see such a team covering?
> 
> Ken
> 
> On Wed, 2005-10-19 at 11:37 -0400, Ron Teitelbaum wrote:
> > Göran,
> > 
> > 	I volunteer to maintain Cryptography. 
> > 
> > Ron
> > 
> > -----Original Message-----
> > From: Cees De Groot [mailto:cdegroot at gmail.com] 
> > Sent: Wednesday, October 19, 2005 11:27 AM
> > To: Ron at usmedrec.com; The general-purpose Squeak developers list
> > Subject: Re: Need to do something
> > 
> > Well, number 2) of course ;)
> > 
> > On 10/19/05, Ron Teitelbaum <Ron at usmedrec.com> wrote:
> > > So what do you suggest?
> > >
> > > 1) Email everyone that has ever touched the package?
> > > 2) Volunteer to maintain the package myself?
> > > 3) I posted the class to Mantis( http://bugs.impara.de/view.php?id=2086
> ),
> > > should I just assume that that is good enough?
> > > 4) Forget it and keep the changes to myself?
> > 
> > 
> 
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.squeakfoundation.org/pipermail/squeak-dev/attachments/20051019/884a1918/attachment.pgp