On Sat, Aug 04, 2018 at 11:43:28AM +0300, Andrew Savchenko wrote:
> On Mon, 25 Jun 2018 07:59:47 +0200 Hanno Böck wrote:
> > On Fri, 22 Jun 2018 21:50:50 -0500
> > "Marty E. Plummer" <[email protected]> wrote:
> >
> > > So, as you may be aware I've been doing some work on moving bzip2 to
> > > an autotools based build. Recently I've ran into app-crypt/mhash,
> > > which is in a semi-abandoned state (talking with the maintainer on
> > > twitter atm), and I was thinking it may be a good idea to set up a
> > > project for keeping these semi-abandoned and really-abandoned
> > > libraries and projects up to date and such.
> >
> > This is a common problem, however if you want to make this reasonable
> > you wouldn't make it a gentoo thing, but a cross-distro effort. The
> > idea has been tossed around a lot, but noone yet started implementing
> > it.
> >
> > However keeping things alive may not always be the right option.
> > There's a reason mcrypt is abandoned. It's an ancient crypto library,
> > crypto is moving forward, there are better options.
>
> Do you have any evidence that mcrypt should not be used?
>
> Symmetric cryptography is quite conservative and it took years and
> even decades for algorithms and their implementations to become
> trusted, so there is nothing wrong in using good old verified
> software.
>
> Actually for local symmetric encryption this is the best tool I
> know.
>
> Best regards,
> Andrew Savchenko
It seems that every last person commenting on this is talking mcrypt,
not mhash, which is what I mentioned in the first place. As far as I can
tell, these are entirely differnt projects which just happen to have a
similar name.
