On Wednesday, 18 October 2017 at 11:52:47 UTC+2, Dr. David Kirkby (Kirkby 
Microwave Ltd) wrote:
>
> On 18 Oct 2017 00:39, "William Stein" <wst...@gmail.com> wrote:
> >
> >
> > On Tue, Oct 17, 2017 at 4:35 PM Dr. David Kirkby (Kirkby Microwave Ltd) <drki...@kirkbymicrowave.co.uk> wrote:
>
> >> There are a lot of number theorists using Sagemath. Could one or more 
> consider implementing the functionality of OpenSSL in a re-write? Maybe a 
> Google Summer of Code project? 
> >
> >
> > Absolutely not.   That's not how security software works (and would be 
> insulting to the OpenSSL developers).   You are **epically** underestimating 
> what OpenSSL is and does.
>
> I don't see how it is insulting to someone to say we like what you have 
> done,  but need a different licence model, so will need to implement the 
> algorithms ourselves.
>
 
Implementing crypto algorithms is (relatively) easy.

Implementing crypto algorithms *correctly* (i.e. with no failure points) 
is *incredibly* *hard*. The implementation needs not only to implement the 
algorithm, it has to do so leaving no exploitable traces or exploitable 
backdoors. As you should know, proving the *absence* of such attack points 
is really *not* easy.

The recent history offers a *lot* of security issues attributable to faulty 
implementations of sound algorithms. The last one has been published just 
the day before yesterday (Google for "WPA KRACK" if you're not convinced...)

I don't know how to do that correctly. However, I know that I don't know....
 

> How is that materially different to Octave implementing MATLAB 
> functionality but under an open source licence?
>

Try it for yourself ;-).
 

> I feel an unacceptable licence and/or a broken implementation on one 
> platform (OSX) are both reasons for a rewrite.  It seems that there are 
> both problems now.  
>
> What in my opinion is insulting is to
>
> 1) Add the OpenSSL code to Sagemath, knowing full well it is against the 
> licence.
>

Whose license? The problem is not with OpenSSL licenses (yes, there are 
two of them...) but with the GPL. Terms that we may amend at will. A 
suggestion (written and tested by the authors of another GNU package) has 
been made, which some find faulty. They are welcome to propose better 
terms...
 

> How anybody can justify such action is beyond me.
>

See above.
 

>  
>
> 2) Email people and say that you assume that they agree unless they say 
> they object.
>

That's (alas...) common practice, in much more general ways than software 
licensing. You should try to explain to your tax collector that you didn't 
consent to pay taxes...

At least, that's not a shrink-wrap license...

--
Emmanuel Charpentier
