On Sun, Nov 27, 2011 at 9:27 AM, bcs <span dir="ltr">&lt;<a href="mailto:bcs@example.com">bcs@example.com</a>&gt;</span> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im">On 11/26/2011 04:19 PM, Brad Anderson wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
How about putting a disclaimer on the module warning the code hasn&#39;t<br>
been through a rigorous security audit and point them at well<br>
established C libraries if they need that sort of assurance.<br>
</blockquote>
<br></div>
What does that gain over implementing the first itteration in terms of well established C libraries and then replacing that with native implementations as the code goes been through a rigorous security audit?<br>
<br>
Or how about do both as API compatible implementations? That would work for people who need the proven security and people who can&#39;t afford external dependencies as well as allow them to be swapped out for each other with minimal effort once the native code is proven.<br>

</blockquote></div><br><div>That&#39;s even better but isn&#39;t the issue over bundling incompatibly licensed libraries with phobos?  Nothing is stopping someone from writing bindings for these libraries as some random library on D Source or Github already.  An agreed upon API would be very nice in any case.</div>