<div dir="ltr">I think you're going to get mostly anecdotal answers to this, fairly personal to whoever is answering it, but here's what I consider important:<div><ul style><li style>Clean, modern, easy-to-use API (that limits your ability to accidentally misuse stuff)</li>
<li style>Modularity</li><li style>Rapid development/developer-friendly codebase</li><li style>Nice documentation (willing to contribute to this personally)</li><li style>Elliptic curve cryptography (ECC)</li><li style>Ability to install via pip, even on machines that don't already have libsomething installed.</li>
</ul><div style>Conversely, I don't care about the following (although some/many probably will):</div></div><div style><ul style><li style>Backwards compatibility. As long as there's documentation, I'd rather deal with the byproducts of progress than a crippled interface.</li>
<li style>Distro packaging.</li><li style>Internal details of how PyCrypto works, as long as it fulfills the above wishlist.</li><li style>Legacy Python versions (your definition matches mine).</li><li style>License, so long as I can use it from an LGPL package (which seems compatible with Apache2)</li>
</ul><div style><br></div><div style>Hopefully this feedback helps!</div><div style><br></div><div style>Philip Horger</div></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Oct 29, 2013 at 11:58 PM, Dave Pawson <span dir="ltr"><<a href="mailto:dave.pawson@gmail.com" target="_blank">dave.pawson@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">On 30 October 2013 06:09, Dwayne Litzenberger <<a href="mailto:dlitz@dlitz.net">dlitz@dlitz.net</a>> wrote:<br>
<br>
> 1. How many of you would really care if PyCrypto 2.6 was that last<br>
> version to support legacy versions of Python? By "legacy", I mean all<br>
> versions of Python that are NOT one of these:<br>
><br>
> - Python 2.6.x<br>
> - Python 2.7.x<br>
> - Python 3.3 and above.<br>
><br>
> I'd continue to make bugfix releases of PyCrypto 2.6.x, but add no<br>
> more substantial new features.<br>
<br>
</div>For some reason, Fedora is still pushing Python 2.7, so I'd be happy<br>
with this position.<br>
<div class="im"><br>
<br>
<br>
<br>
> 4. What if Crypto.* became a wrapper around some other crypto library?<br>
<br>
</div>What logic please?<br>
<div class="im"><br>
<br>
<br>
> Of particular concern is FOSS distributors packaging PyCrypto (e.g. Linux<br>
> distros, *BSD ports trees, MacPorts/HomeBrew, etc.), and anything else that<br>
> might impact a large number of downstream end-users.<br>
<br>
</div>Fedora seems a long way behind with the Python versions.<br>
<div class="im"><br>
<br>
><br>
> I'm beginning to wonder how the risk of downstream forks compares to the<br>
> risks that users face when developers still don't have a highly-visible,<br>
> easy-to-use Python crypto API. It might be better to merge PyCrypto with<br>
> one or more other Python crypto libraries...<br>
<br>
</div>I'll leave that to the more knowledgable.<br>
My position is I'm grateful for the code - meets my needs.<br>
<br>
regards<br>
<span class="HOEnZb"><font color="#888888"><br>
<br>
--<br>
Dave Pawson<br>
XSLT XSL-FO FAQ.<br>
Docbook FAQ.<br>
<a href="http://www.dpawson.co.uk" target="_blank">http://www.dpawson.co.uk</a><br>
</font></span><div class="HOEnZb"><div class="h5">_______________________________________________<br>
pycrypto mailing list<br>
<a href="mailto:pycrypto@lists.dlitz.net">pycrypto@lists.dlitz.net</a><br>
<a href="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto" target="_blank">http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto</a><br>
</div></div></blockquote></div><br></div>