On 1/10/16, 3:39 PM, "Scott Arciszewski" <sc...@paragonie.com> wrote:
>On Sun, Jan 10, 2016 at 3:18 PM, Tom Worster <f...@thefsb.org> wrote: >> On 1/7/16 11:24 AM, Pierre Joye wrote: >>> >>> What I do not like too much is the addition of an extension with >>> (relatively) low level functions for one specific library. It does not >>> really matter how good is this specific library, I simply do not see >>> such addition as a good strategic move. >> >> >> I also worry that it's yet another thing to maintain. The more API you >>offer >> to the PHP programmer, the more responsibility you take on. >> >> Tom > >Except two things: > >1. I'm trying to get rid of mcrypt, bringing the net change of >cryptography libraries to maintain to 0, but still improving the >cryptography library availability significantly. >2. I'm willing to maintain it, so you're gaining manpower with this >change. > >I'd argue that, strategically, what I've proposed across several RFCs >is superior to maintaining the status quo. A high-level API that plugs into Sodium, Open,Libre,BoringSSL (and maybe etc.) in addition to a low-level libsodium API is more responsibility in total than only high-level API. So "relative to the status quo" isn't the only interesting perspective. Unless I misunderstand your proposal. Are you saying that you are only interested in working on the high-level API if libsodium moves to core? In that case the other perspective isn't relevant. Tom -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
