From: degski (degski_at_[hidden])
Date: 2020-02-26 15:41:55
On Mon, 24 Feb 2020 at 05:42, Alexander Grund via Boost <boost_at_[hidden]> wrote:
>
> > I can't speak for the boost community, but I guess another big question mark is probably
> > long term support and response to security vulnerabilities. I wouldn't be surprised,
> > if people are reluctant to base the security of their communication on a lesser known library,
> > when they can't be confident that bugs and vulnerabilities are getting fixed quickly.
>
> I'd fear the same. Common usage of Boost is: Install specific version
> and stick to it until absolutely required to upgrade.
>
> --> This longevity is not suitable for a crypto library which needs to
> adapt to new threats quickly.
>
> I'd hence suggest to make this a standalone version with CI tested
> against various boost versions (at least min. required, latest release
> and (opt) master) and use proper semantic versioning as well as good
> integration with build systems (I'd suggest CMake and/or Meson)
>
Yes, this, but why have (in case it's just a stand-alone component) a Boost
component in the first place? This assumes a thorough understanding of crypto
(from the consumer), std-s are a problem and a C API is the way to go,
adopt some good ways-of-working, regarding crypto, use libsodium, or
OpenSSL. Also libsodium is actively developed and the devs are not
distracted by C++, they can also not introduce nasty things/bugs related to
C++, which is easy, the infamous foot-gun. You know what you get and it is
guaranteed to work, even with VC-6 (or earlier) or on embedded.
degski
> However I can imagine that some Boost libraries may use that, especially
> if it integrates well enough
--
@realdegski
https://brave.com/google-gdpr-workaround/
"We value your privacy, click here!" Sod off! - degski
"Anyone who believes that exponential growth can go on forever in a finite world is either a madman or an economist" - Kenneth E. Boulding
"Growth for the sake of growth is the ideology of the cancer cell" - Edward P. Abbey
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk