[pycrypto] Need your input: Major modernization; dropping legacy Python support?

Dwayne Litzenberger dlitz at dlitz.net
Tue Jul 1 17:16:59 PDT 2014

On Sat, Feb 22, 2014 at 09:50:50PM +0100, Sebastian Ramacher wrote:
>On 2014-02-06 09:51:39, Dwayne Litzenberger wrote:
>> I'm thinking of merging with the folks at https://cryptography.io/,
>> which is covered by an Apache 2.0 license.
>What is the merge going to look like?

The idea is to remove most of the redundancy between PyCrypto and 
Cryptography, and combine the two communities that maintain them, so 
that we have more eyes looking at less code, and it should remove me as 
the bottleneck in all PyCrypto development.

PyCrypto would provide the Crypto.* API using the Cryptography framework 
under the hood.  The Cryptography API is divided into high-level Python 
APIs, and native cipher backends that are pluggable (at least in theory) 
and accessed using cffi.

Currently, only an OpenSSL backend is actually implemented, which 
creates a licensing issue for GPLv2-only software, but we could probably 
put together a backend using either the existing PyCrypto code, or maybe 
something like libtomcrypt or libgcrypt.

I'm also talking with the Cryptography folks about ways we can resolve 
the GPLv2-incompatibility of Cryptography itself.  I'll have more on 
that later.

 - Dwayne

[1] https://github.com/pyca/cryptography

Dwayne C. Litzenberger <dlitz at dlitz.net>
  OpenPGP: 19E1 1FE8 B3CF F273 ED17  4A24 928C EC13 39C2 5CF7
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 222 bytes
Desc: Digital signature
URL: <http://lists.dlitz.net/pipermail/pycrypto/attachments/20140701/03892ea2/attachment.sig>

More information about the pycrypto mailing list