On Monday, 9 May 2016 at 10:44:13 UTC, ZombineDev wrote:
On Monday, 9 May 2016 at 09:35:18 UTC, sigod wrote:
On Monday, 9 May 2016 at 08:55:36 UTC, Jonathan M Davis wrote:
But given that std.net.curl handles stuff like SSL/TLS, we
_can't_ actually replace all of its functionality - at least
not without adding a dependency on a different C library,
since there's no way that it's sane to do the crypto stuff
ourselves without a crypto expert, and even then, we should
think twice about it. I could see implementing the SSL/TLS
protocols themselves but not the crypto they use. If we
replace std.net.curl, we likely should just provide the basic
HTTP functionality, and leave the rest to a dub package that
we move std.net.curl to.
Any chances that we can produce good crypto code over time?
And verify it with experts, of course.
https://github.com/etcimon/botan AFAIK, it is already used in
production by its author, in combination with libasync + vibe.d
+ http2 for a full stack D solution.
So what's the consensus on this issue?
Can't we simply move std.net.curl and etc.c.curl to undead and
just _not_ include it in Phobos?
Anyone reasonable will use requests [1], vibe.d's async
requestHTTP [2] or their home-grown library anyways. As mentioned
in another thread [3], Phobos is bloated with "old" modules that
wouldn't have made it through today's review process.
With DUB's "new" single file feature and DUB being bundled in the
DMD release process, any DUB library is just a header comment
away.
Moreover we can configure the DUB package to automatically
compile the curl sources, so that it won't create any troubles as
e.g. the people on Windows or the gdc maintainers experience.
[1] https://github.com/ikod/dlang-requests
[2] vibed.org/api/vibe.http.client/requestHTTP
[3]
http://forum.dlang.org/post/odbddahgxadkffbwc...@forum.dlang.org