Dave Brueck <[EMAIL PROTECTED]> writes: > >>m2crypto (plus some patches to make asynchronous SSL do what we needed). > > That seems to be a nice piece of code, but it's still at version > > 0.13; > > Version numbers are fairly relative, though. In another project we're > using some proprietary, closed source libraries (unrelated to crypto) > that are version 3 and they seem buggier and less stable than m2crypto.
Yeah, OpenSSL itself is something like 0.97, which however does sound closer to a final release than 0.13 of anything. > Having said that - I think we probably *would* use it for production > financial transactions - but that's more a matter of closed vs. open > source than Python vs not. That makes some sense; once you have the code in-house and the expertise to evaluate it and maintain it, it's at least no worse than something you wrote yourself. If you just downloaded it and plopped it into your application with your eyes closed, that might be asking for trouble. > > There's also been some traffic on the > > python-crypto list about Zope encountering memory leaks with it. > > Ok... so? I mean, if there's a memory leak, and it's hurting us, we > have options: ... I just mean the memory leak is a symptom that the software isn't yet completely debugged. > Memory leaks aren't exactly unique to Python - according to > bugs.sun.com, there are currently 382 *open* bugs related to memory > leaks in the JDK alone. Are any of those memory leaks in JSSE? It's one thing to have a problem in some noncritical GUI widget, another to have it in the crypto code. -- http://mail.python.org/mailman/listinfo/python-list
