On Mon, 24 Feb 2020 at 05:42, Alexander Grund via Boost < boost@lists.boost.org> wrote:
I can't speak for the boost community, but I guess another big question mark is probably long term support and response to security vulnerabilities. I wouldn't be surprised, if people are reluctant to base the security of their communication on a lesser known library, when they can't be confident that bugs and vulnerabilities are getting fixed quickly.
I'd fear the same. Common usage of Boost is: Install specific version and stick to it until absolutely required to upgrade.
--> This longevity is not suitable for a crypto library which need to adapt to new threats quickly.
I'd hence suggest to make this a standalone version with CI tested against various boost versions (at least min. required, latest release and (opt) master) and use proper semantic versioning as well as good integration with build systems (I'd suggest CMake and/or Meson)
Yes, this, but why have (in case it's just a stand-alone component) a Boost component in the first place? This assumes thorough understanding of crypto (from the consumer), std-s are a problem and a c-api is the way to go, adopt some good ways-of-working, regarding crypto, use libsodium, or openssl. Also libsodium is actively developed and the devs are not distracted by C++, they can also not introduce nasty things/bugs related to C++, which is easy, the infamous foot-gun. You know what you get and it is guaranteed to work, even with VC-6 (or earlier) or on embedded. degski
However I can imagine that some Boost libraries may use that, especially if it integrates well enough
_______________________________________________ Unsubscribe & other changes: http://lists.boost.org/mailman/listinfo.cgi/boost
-- @realdegski https://brave.com/google-gdpr-workaround/ "We value your privacy, click here!" Sod off! - degski "Anyone who believes that exponential growth can go on forever in a finite world is either a madman or an economist" - Kenneth E. Boulding "Growth for the sake of growth is the ideology of the cancer cell" - Edward P. Abbey