[ULS-SIG] Encryption and identity

Zooko O'Whielacronx zooko at zooko.com
Sun Jul 10 22:12:45 CEST 2011


I advise people not to use PyCrypto for things that could cause
serious harm by turning out to be insecure. (I don't know if this uls
project you're working on is merely a proof-of-concept or if it is
something that people might rely on.)

PyCrypto has a long history of bugs, security holes, and, well...
basically sloppy engineering practices. There are few or no tests. A
recent release of PyCrypto raised an exception on import,
demonstrating that not only does it lack automated integration testing
but that particular release also lacked manual integration testing.
I've heard a few times that the current maintainer would rather not,
but can't find anyone else to maintain it. Before him there were
several years of no active maintainer at all.

Regards,

Zooko


More information about the ULS-SIG mailing list