On Sun, Nov 27, 2011 at 9:27 AM, bcs <bcs@example.com> wrote:
On 11/26/2011 04:19 PM, Brad Anderson wrote:What does that gain over implementing the first itteration in terms of well established C libraries and then replacing that with native implementations as the code goes been through a rigorous security audit?
How about putting a disclaimer on the module warning the code hasn't
been through a rigorous security audit and point them at well
established C libraries if they need that sort of assurance.
Or how about do both as API compatible implementations? That would work for people who need the proven security and people who can't afford external dependencies as well as allow them to be swapped out for each other with minimal effort once the native code is proven.