[Cryptography-dev] Packaging ideas

[Alex Gaynor]

So, before I can start talking about solutions, I have to describe the use
cases.

1) Some folks need a very specific backend (i.e. pyOpenSSL) and right now
it's just assumed that that will come with `pip install cryptography`.
2) Some folks want to use cryptography as the API for non-traditional
primitives (e.g. scrypt), and `pip install cryptography` brings a lot more
than what they want.
3) Some folks want to type the letters AES, and don't really care where
that comes from.
4) Some folks want to type the letters "fab", and super don't care that
fabric needs a paramiko which needs an AES.
5) Some folks want to be able `pip install something` without getting an
OpenSSL, because OpenSSL is literally the worst thing in the world.

Invariants that must hold true:

* `pip install cryptography` gets you a thing that can AES (and whatever
other core algorithms we think are important)
* There's a thing you can `pip install` that gets you scrypt, but not
OpenSSL
* There's a thing you can `pip install` to definitely get some OpenSSL.

Solution:

We break things down into a few different packages:

* `pip install cryptography-core`: This contains all the primitives, all
the recipes, all the everything besides the backends/bindings
* `pip install cryptography-{openssl,scrypt,etc.}`: This contains the
backend/bindings for the specific thing
* `pip install cryptography`: This gets you a cryptography, and whatever
set of core backends we think are reasonable for your platform for doing
stuff like typing AES (and, god willing, then typing HMAC).

Thoughts?
Alex

-- 
"I disapprove of what you say, but I will defend to the death your right to
say it." -- Evelyn Beatrice Hall (summarizing Voltaire)
"The people's good is the highest law." -- Cicero
GPG Key fingerprint: 125F 5C67 DFE9 4084
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/cryptography-dev/attachments/20140428/5a8c491c/attachment.html>