Re: GNU Emacs-libnettle-libhogweed integration patch v1

[Ted Zlatanov]

On Sun, 06 Oct 2013 12:51:39 -0400 Stefan Monnier <address@hidden> wrote: 

>> This is the first cut of the Nettle integration for your review.
SM> I generally dislike adding library dependencies to Emacs, even for
SM> libraries on which we already depend transitively.  So, there has to be
SM> a very good use case for it.

SM> Currently, I don't see such a use case, so I'm not interested.

I certainly hope others see the utility of the work, especially so I can
implement OpenPGP support and avoid depending on the external GnuPG
binary for verifying package signatures.  It would also let me implement
binary signatures of Emacs data (to make sure it's not corrupted) and
true secrets (Lisp data strings that can't be decoded without the right
key).  But I've stated all this already, so it's unfortunate that I have
to restate and defend it.

Meanwhile I will try to finish the patch, but it's discouraging to have
to argue for basic security in Emacs for years and to spend significant
time writing code that will hang in limbo and may need to be
significantly rebased by the time it's accepted (if ever).

SM> Implementing an FFI would of course make it unnecessary for you (or
SM> anyone else) to convince me first, so I encourage you to work on the FFI
SM> as a first step.

Well, sure, I'd love to, if I knew anything about the topic.  I can help
document and test things, and maybe review some of the code.  My primary
concern is that I have to redo a significant amount of work by the time
the Nettle patch is accepted, so it would have been nice to state your
opposal earlier.  I certainly stated my intentions clearly.

Thanks
Ted