<div dir="ltr">Is PyCrypto dead?<br><br>If one had to judge from the speed security flaws are recognized,<br>fixed and disclosed [1], then no, pycrypto is definitely not dead.<br>Other, more active FOSS library should take notes in fact.<br>
<br>However, when it comes to adding new features (as in, catching up with the <br>needs of a normal security application in 2014) and refactoring the<br>existing ones, pycrypto is deep frozen. Bug reports keep piling up and it<br>
can easily take a couple of years for a pull request to finally end up in a<br>release.<br><br>Every now and then, I can read on the ML proposals and intentions for <br>major (and IMO, not entirely needed) overhauls, but they never seem to <br>
translate into anything solid. Worse than that, their completion is set as the <br>precondition for acceptance of any new feature, which further exacerbates <br>the problem.<br><br>What can be done to improve on that?<br>
Would setting up a tip jar help?<br>Would a fork of the library be seen as hostile?<br><br>Finally, I am aware of the existence of the cryptography project [1].<br>It does *not* cover my needs and I do *not* agree with some of the<br>
principles and motivations behind that design, though its dev and test<br> processes are clearly sound.<br><br>[1] <a href="http://lists.dlitz.net/pipermail/pycrypto/2013q4/000702.html">http://lists.dlitz.net/pipermail/pycrypto/2013q4/000702.html</a><br>
[2] <a href="https://cryptography.io">https://cryptography.io</a><br></div>