[squeak-dev] Re: Cryptography

C. David Shaffer cdshaffer at acm.org
Wed Jun 30 16:11:14 UTC 2010


On 06/29/10 22:36, Rob Withers wrote:
> Hi David,
>
> I am CCing the squeak-dev list.
>
> I had tried to contact Ron over the weekend, since he is the admin for
> the SqueakSource Cryptography package.  I needed to add you as a
> member of the Crypto team.   That's right, you are a member now.  I
> didn't hear from him so the email address may be bad.   We'll see if
> we hear from him in the future.  I hope so.
>
> Do you have the link to the Crypto mailing list?
Yes, do we move this discussion there?

>
> I agree we should do this in public.  I would suggest the squeak-dev
> list.
>
> We may have several "forks" and/or subsequent work done from the root
> package.
>
> The root package for SSL is in the Monticello repository
> http://www.squeaksource.com/Cryptography, but it may not be the
> latest.  I think that the SSL package there is the latest...Whoa!  I
> just checked again and new SSL packages were inserted 2 days ago.  The
> latest there used to be SSL-rww.4.mcz and now there is a SSL-jrd.12.mcz.

Yes, I copied the mods from the croquet-source repo.  SSL was easy as
there were no forks.  jrd.12 is the version I am using and it is working
pretty well.  I did have some intermittent failures when I was first
moving to Squeak4.1 but those might have been due to errant versions of
the Cryptography package.  I will do a fresh build and verify this version.

>
> The root package for Cryptography is in the same repository, but it is
> less clear which is the latest and greatest.  There is a mixture of
> version numbers.  I am using Cryptography-cmm.13.mcz.   All tests pass
> except for a Rindael test and an X509 test (due to bad validity dates).
>
> I know there is packages in
> http://croquet-src-01.oit.duke.edu:8886/Contributions.   SSL look like
> the ones now in the Cryptography repository above.   The Cryptography
> packages in Contributions look like they are also in the Cryptography
> repository, but mixed up with other work.  In Contributions, there is
> the sequence of packages:
>
> Cryptography-RJT.10.mcz (the root package)
> Cryptography-jrd.11.mcz
> Cryptography-jrd.12.mcz
> Cryptography-mtf.13.mcz
>
> These are interwoven with other packages in the Cryptography
> repository, with the same version numbers.

Right, there are several forks to be reconciled.  FWIW I am running
mtf.13 as none of the versions from the original Cryptography repo had
ASN.1 support needed to do SSL (SSL30 or TLS10/11).  Unfortunately this
version fails CryptoX509Test>>testSignatureValidation (as well as the
Rindael test you mentioned).  I am hoping the harvesting from the other
forks will take care of this.

At this point all of the croquet-source versions are in their rightful
place in the Cryptography project on SqueakSource.  The SqueakSource
project contains no license information.  It would be a very good idea
to assign a license so that all contributions to this repo are
automatically assigned that license.  I think Ron needs to guide this
process as this is his baby.  At the very least Ron and all other
contributors need to be asked to accept whatever license is selected or
we will have to re-write those portions.  I am happy to try to track
everyone down but not without making sure Ron is receptive to this.

David




More information about the Squeak-dev mailing list