On Mon, 25 Jul 2022 at 23:38, Brad ReDacted <brad.redac...@outlook.com> wrote:
> I hate adding dependencies, but security is best left to security
> experts and I strongly advocate against duplicating security related code.

If this security feature is really needed, then the best practices seem to indicate a specialized library is needed, for example the Open Source Security Foundation (OpenSSF) Best Practices state:

"If the software produced by the project is an application or library, and its primary purpose is not to implement cryptography, then it SHOULD only call on software specifically designed to implement cryptographic functions; it SHOULD NOT re-implement its own."

("The term SHOULD indicates a criterion that is normally required, but there may exist valid reasons in particular circumstances to ignore it. However, the full implications must be understood and carefully weighed before choosing a different course.")

FLOSS Best Practices Criteria (Passing Badge)
https://bestpractices.coreinfrastructure.org/en/criteria/0

Criteria Discussion
https://bestpractices.coreinfrastructure.org/en/criteria_discussion
_______________________________________________
grass-dev mailing list
grass-dev@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/grass-dev