On Mon, 25 Jun 2018 07:59:47 +0200 Hanno Böck wrote: > On Fri, 22 Jun 2018 21:50:50 -0500 > "Marty E. Plummer" <hanet...@startmail.com> wrote: > > > So, as you may be aware I've been doing some work on moving bzip2 to > > an autotools based build. Recently I've ran into app-crypt/mhash, > > which is in a semi-abandoned state (talking with the maintainer on > > twitter atm), and I was thinking it may be a good idea to set up a > > project for keeping these semi-abandoned and really-abandoned > > libraries and projects up to date and such. > > This is a common problem, however if you want to make this reasonable > you wouldn't make it a gentoo thing, but a cross-distro effort. The > idea has been tossed around a lot, but noone yet started implementing > it. > > However keeping things alive may not always be the right option. > There's a reason mcrypt is abandoned. It's an ancient crypto library, > crypto is moving forward, there are better options.
Do you have any evidence that mcrypt should not be used? Symmetric cryptography is quite conservative and it took years and even decades for algorithms and their implementations to become trusted, so there is nothing wrong in using good old verified software. Actually for local symmetric encryption this is the best tool I know. Best regards, Andrew Savchenko
pgpwPymO8y5c2.pgp
Description: PGP signature
