Boost : |
From: Mike (mike.dev_at_[hidden])
Date: 2020-02-25 09:00:03
> Sent: Monday, 24 February 2020 at 17:00
> From: "Kostas Savvidis via Boost" <boost_at_[hidden]>
> > On Feb 24, 2020, at 12:34, Mike via Boost <boost_at_[hidden]> wrote:
> >
> > I can't speak for the boost community, but I guess another big question mark is probably
> > long term support and response to security vulnerabilities.
>
> +1 --- If it is not written by people with academic credentials in cryptography
> and does not come with an independent
> security audit from the same it should be a clear no go.
I have to wonder though: Did/does OpenSSL/LibreSSL actually satisfy those criteria?
I mean, we are (hopefully) not talking about inventing new crypto algorithms, but
rather have a new implementation for existing ones. I'm not sure if you really need
a degree in cryptology to write one (unless the specs are so complicated that no one
else can understand them of course). I'm much more concerned with e.g. avoiding
the likes of Heartbleed and making sure one has a true source of random numbers.
But yes, such a library would definitely need an audit by experts in the field to make
sure the algorithms are implemented correctly. And as Alexander pointed out, there
needs to be a way to patch bugs and update the lib outside of the regular Boost
distribution (Btw. that is a general concern I have with libraries that process network
traffic).
Best
Mike
>
> Best,
> Kostas Savvidis
>
> ============================================================================================
> Institute of Nuclear and Particle Physics
> NCSR Demokritos
> https://github.com/kotika/random <https://github.com/kotika/random>
> https://mixmax.hepforge.org <https://mixmax.hepforge.org/>
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk