[Python-Dev] Cryptographic stuff for 2.3

M.-A. Lemburg mal@lemburg.com
Mon, 28 Apr 2003 12:00:29 +0200


Guido van Rossum wrote:
>>I'd hate to see sha removed from the standard distro.
> 
> 
> Me too; I don't see sha or md5 as crypto.  I'm only against adding new
> *crypto* capability.

Hash algorithms are usually not regulated as crypto code -- even
though they can be used for such purposes; see e.g. shaffing and
winnowing:

    http://theory.lcs.mit.edu/~rivest/chaffing.txt

> I'm also for isolating existing crypto capability so it's easy to
> remove for anyone who has a need for a crypto-free distribution.  I
> think we're already doing that, given that even on Windows, the SSL
> module is a separate DLL.

We could wrap up the following set:

a.installer with crypto code + notice that downloading and using
   this version is illegal in some countries and that the downloading
   and/or reexporting the installer to certain countries is not
   legal

b.installer without crypto

c.crypto package as distutils installer with the same notice
   as for the combined package

Or we just do b and c and leave a to companies like ActiveState.

-- 
Marc-Andre Lemburg
eGenix.com

Professional Python Software directly from the Source  (#1, Apr 28 2003)
 >>> Python/Zope Products & Consulting ...         http://www.egenix.com/
 >>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/
________________________________________________________________________
EuroPython 2003, Charleroi, Belgium:                        57 days left