[zeromq-dev] Defaulting to tweetnacl?

Roland Fehrenbacher rf at q-leap.de
Tue Mar 1 14:51:26 CET 2016


>>>>> "P" == Pieter Hintjens <ph at imatix.com> writes:

    P> Frank, Thanks for your opinion. You hit it spot on, I think. It
    P> is really a relief to have security by default without any
    P> external packages.

    P> Roland, would this work? Package for Debian using libsodium?

I'm a bit confused now. I thought the point of your original mail was
that tweetnacl will be the default from now on and kind of substituting
libsodium. If that is so, the suggested path for Debian would be to drop
libsodium in favor of tweetnacl as well, with tweetnacl linked in as an
external lib, just like libsodium currently is.

If on the other hand you decided to keep tweetnacl in the zmq code, for
Debian, one would have to drop that part (DFSG modified source as
mentioned before) and create patches that make zmq build fine with an
external tweetnacl.

Alternatively, you could probably say "What the heck
with tweetnacl: We fully integrate it into zmq, respect the copyright
and otherwise treat it, as if it was an original part of zmq from the
beginning". I don't see why Debian couldn't live with this. So the only
hurdle for this approach would probably be, to get the consent of the
original authors.

Please enlighten me, if I'm on a completely wrong track.

Roland

-------
http://www.q-leap.com / http://qlustar.com
          --- HPC / Storage / Cloud Linux Cluster OS ---

    P> On Tue, Mar 1, 2016 at 12:03 PM, frank <soundart at gmx.net> wrote:
    >> Hi,
    >>
    >> I added tweetnacl to libzmq in 2014 and would like to add my
    >> opinion too.
    >>
    >> tweetnacl as it is integrated now is very nice for people
    >> starting with compiling from source e.g. developers using higher
    >> level languages like python and requiring latest code changes.
    >> - it will just work and produce not too many problems.
    >>
    >> Removing tweetnacl from the libzmq source distribution and using
    >> e.g. a tweetnacl debian package for debian libzmq will hurt in
    >> two ways:
    >>
    >> - There will be again libzmq builds without encryption at all
    >> - libzmq on debian will not use libsodium and probably have a
    >>   slower libzmq
    >>
    >> So i would say:
    >>
    >> - Make tweetnacl default for source builds and leave it inside
    >>   the
    >> libzmq tar ball.
    >> - Add a recommendation to the documentation advising people
    >>   producing
    >> binary packages to link to libsodium
    >>
    >> kind regards Frank
    >>
    >>
    >>
    >>
    >>
    >>
    >>
    >>
    >>
    >>
    >>
    >>
    >>
    >> _______________________________________________ zeromq-dev
    >> mailing list zeromq-dev at lists.zeromq.org
    >> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
    P> _______________________________________________ zeromq-dev
    P> mailing list zeromq-dev at lists.zeromq.org
    P> http://lists.zeromq.org/mailman/listinfo/zeromq-dev

-- 



More information about the zeromq-dev mailing list