[issue8998] add crypto routines to stdlib
report at bugs.python.org
Sun Sep 19 02:37:08 CEST 2010
Antoine Pitrou <pitrou at free.fr> added the comment:
> Since libtomcrypt is public domain, you could incorporate the source
> into the tree without making it a binary dependency.
And then we have to maintain our copy ourselves. I'm not sure why you
think this is better than depending on a system-wide install, because
it's certainly worse.
(we do have private copies of a couple of libraries: zlib, expat,
libffi. The first two are probably for historical reasons (the
system-wide versions are used by default), while the third is because
> I certainly wouldn't mind having 1 dependency on NSS, but having 2
> modules depend on OpenSSL is a step in the wrong direction.
Perhaps you wouldn't mind, but others would (especially packagers;
including ourselves since we build binary packages for Windows and Mac
> It took several years until someone like Marc-Andre Lemburg to find
> that the Python website might be violating that license. Perhaps the
> reason is because no one bothers to read licenses carefully. People
> are probably violating the license without knowing it.
The solution to stop violating it is trivial, though: just add the
Compare that to rewriting a lot of code and making sure it doesn't
change behaviour compared to previous Python versions.
> One is that if you mention something like "base64" in whatever could
> be deemed "advertising", you will be subject to this clause because
> base64 is a feature of OpenSSL, even if you don't use their
Unless "base64" is an OpenSSL trademark, this is FUD.
Python tracker <report at bugs.python.org>
More information about the Python-bugs-list