On Wed, Jan 29, 2014 at 11:17 AM, Tony Arcieri <[email protected]> wrote:
> As it were, ruby-core is now talking about extracting OpenSSL into a > separate library packaged independently from the standard distribution. > They are not cryptographic domain experts, don't want to be responsible for > it, and having it in the standard library limits their agility around > incident response when security problems are discovered. > Understandable. Though, packaging bindings to a mature implementation would reduce the need for experts in Rust, and still give users the "this is audited crypto code, use it" message. > rust-crypto is a brand new implementation of a bunch of crypto which > hasn't been well-audited. That alone should worry you. > I was under the impression that rust-crypto was extra::crypto moved into a separate library. I could be wrong. > I would definitely not be a fan of a non-battle hardened crypto library > being in core Rust. > I wouldn't be either. Whichever library is used, Rust could call it libcrypto, and I as a user can trust that it's a good library that I can use.
_______________________________________________ Rust-dev mailing list [email protected] https://mail.mozilla.org/listinfo/rust-dev
