[pycrypto] Is PyCrypto dead?

Legrandin helderijs at gmail.com
Mon Apr 21 12:44:16 PDT 2014


Is PyCrypto dead?

If one had to judge from the speed security flaws are recognized,
fixed and disclosed [1], then no, pycrypto is definitely not dead.
Other, more active FOSS libraries should take notes, in fact.

However, when it comes to adding new features (as in, catching up with the
needs of a normal security application in 2014) and refactoring the
existing ones, pycrypto is deep frozen. Bug reports keep piling up and it
can easily take a couple of years for a pull request to finally end up in a
release.

Every now and then, I can read on the ML proposals and intentions for
major (and IMO, not entirely needed) overhauls, but they never seem to
translate into anything solid. Worse than that, their completion is set as the
precondition for acceptance of any new feature, which further exacerbates
the problem.

What can be done to improve on that?
Would setting up a tip jar help?
Would a fork of the library be seen as hostile?

Finally, I am aware of the existence of the cryptography project [2].
It does *not* cover my needs and I do *not* agree with some of the
principles and motivations behind that design, though its dev and test
processes are clearly sound.

[1] http://lists.dlitz.net/pipermail/pycrypto/2013q4/000702.html
[2] https://cryptography.io