--------------------------------------------------
From: "C. David Shaffer" <cdshaffer at acm.org>
Sent: Wednesday, June 30, 2010 12:11 PM
To: "The general-purpose Squeak developers list" 
<squeak-dev at lists.squeakfoundation.org>; "Ron Teitelbaum" 
<Ron at USMedRec.com>; "Squeak Cryptography" 
<cryptography at lists.squeakfoundation.org>
Subject: [squeak-dev] Re: Cryptography

> On 06/29/10 22:36, Rob Withers wrote:
>> Hi David,
>>
>> I am CCing the squeak-dev list.
>>
>> I had tried to contact Ron over the weekend, since he is the admin for
>> the SqueakSource Cryptography package.  I needed to add you as a
>> member of the Crypto team.   That's right, you are a member now.  I
>> didn't hear from him so the email address may be bad.   We'll see if
>> we hear from him in the future.  I hope so.
>>
>> Do you have the link to the Crypto mailing list?
> Yes, do we move this discussion there?

We can discuss in one or both.  Your choice.  I think the most visibility 
will be from discussing it on squeak-dev.

>
>>
>> I agree we should do this in public.  I would suggest the squeak-dev
>> list.
>>
>> We may have several "forks" and/or subsequent work done from the root
>> package.
>>
>> The root package for SSL is in the Monticello repository
>> http://www.squeaksource.com/Cryptography, but it may not be the
>> latest.  I think that the SSL package there is the latest...Whoa!  I
>> just checked again and new SSL packages were inserted 2 days ago.  The
>> latest there used to be SSL-rww.4.mcz and now there is a SSL-jrd.12.mcz.
>
> Yes, I copied the mods from the croquet-source repo.  SSL was easy as
> there were no forks.  jrd.12 is the version I am using and it is working
> pretty well.  I did have some intermittent failures when I was first
> moving to Squeak4.1 but those might have been due to errant versions of
> the Cryptography package.  I will do a fresh build and verify this 
> version.
>

Ah, excellent.  I also have SSL-jrd.12.mcz loaded.

I have one class in SSL that I use in SqueakElib.  When I load both, it rips 
it from one location and places it in another (different categories). 
Stéphane Ducasse has pointed me to metacello 
(http://gemstonesoup.wordpress.com/2009/08/25/metacello-package-management-for-monticello/), 
which is a package management system.  It allows one to load dependent 
packages.   You might want to look into it.

>>
>> The root package for Cryptography is in the same repository, but it is
>> less clear which is the latest and greatest.  There is a mixture of
>> version numbers.  I am using Cryptography-cmm.13.mcz.   All tests pass
>> except for a Rindael test and an X509 test (due to bad validity dates).
>>
>> I know there is packages in
>> http://croquet-src-01.oit.duke.edu:8886/Contributions.   SSL look like
>> the ones now in the Cryptography repository above.   The Cryptography
>> packages in Contributions look like they are also in the Cryptography
>> repository, but mixed up with other work.  In Contributions, there is
>> the sequence of packages:
>>
>> Cryptography-RJT.10.mcz (the root package)
>> Cryptography-jrd.11.mcz
>> Cryptography-jrd.12.mcz
>> Cryptography-mtf.13.mcz
>>
>> These are interwoven with other packages in the Cryptography
>> repository, with the same version numbers.
>
> Right, there are several forks to be reconciled.  FWIW I am running
> mtf.13 as none of the versions from the original Cryptography repo had
> ASN.1 support needed to do SSL (SSL30 or TLS10/11).  Unfortunately this
> version fails CryptoX509Test>>testSignatureValidation (as well as the
> Rindael test you mentioned).  I am hoping the harvesting from the other
> forks will take care of this.

I need to fix the X509 error.

>
> At this point all of the croquet-source versions are in their rightful
> place in the Cryptography project on SqueakSource.  The SqueakSource
> project contains no license information.  It would be a very good idea
> to assign a license so that all contributions to this repo are
> automatically assigned that license.  I think Ron needs to guide this
> process as this is his baby.  At the very least Ron and all other
> contributors need to be asked to accept whatever license is selected or
> we will have to re-write those portions.  I am happy to try to track
> everyone down but not without making sure Ron is receptive to this.
>

It was understood that we were doing work under the MIT license.  It was 
open development for anyone's use.  I set the license in the Cryptography 
repo.

Rob

> David
>
>