Its been a week since I posted in the project devlog about the initial submission the Botan / Cryptography Community Project Proposal, without much fanfare or fuss. For those who haven’t been living in the devlog with me, this might easily have escaped your notice. As such, it was keenly suggested that I post this in its own topic, for better visibility and coordination.
Last week, I officially submitted my initial draft of the Botan / Cryptography Community Project Proposal to the Haskell Foundation - this proposal was several weeks in the making, so many thanks to all who have already provided feedback, please keep it coming
This proposal is an excellent idea, and will be very useful. Especially given how well and aggressively Botan is maintained.
On the downside, while most of the current code of the “Botan Haskell” compiles, the only meager description how to use it seems outdated.
It would be great if there was a short document describing how to build and run a sample code, given system-wide installed Botan library, and compiled “Botan Haskell” somewhere on the local filesystem.
Is there a deadline for submissions? I just heard about this from Lemmy. I’ve done some industrial crypto implementation and I do want to post some comments, but it will take me a few days due to RL stuff. I only manage to take a quick glance at the proposal for now. I prefer to post here or on the Haskell gitlab rather than on Microsoft. I hope that is ok.
I don’t think there will be a deadline for comments any time soon, so take your time and share your comments when RL stuff settles down and you have the time to take a look
Thanks! Better build instructions and examples / tutorials are definitely on the horizon, once the low-level stuff is solid.
@solrize
I’ve been putting together an update to the proposal based on the 50+ pieces of feedback that I’ve gotten so far, and then I’ll be wanting to get feedback on that, so there’s no rush
Better build instructions and examples / tutorials are definitely on the horizon, once the low-level stuff is solid.
In my opinion, delaying with instructions etc. until low-level stuff is solid is not beneficial - because it greatly limits the exposure of your code to other users, thus preventing them from spotting and reporting bugs rather sooner than later.
The proposal has been updated to account for all of the feedback provided thus far. There have been a good number of changes and improvements:
Narrowing of focus to Botan bindings
Removal of confusing ‘leg’ terminology
High-level abstractions have been removed in favor of a future proposal
Clarification of goals
Added build instructions and CI as a goal
Added test vectors as a goal
Improved problem statement, risks, stakeholders
Thanks to everyone who has so far contributed. Working with everyone here keeps everything at a reasonable scale, tight and in the now. The additional insight and tact that you all have provided have made this document a far more thorough and accurate proposal than I would have otherwise achieved.
@mouse07410 You are correct. I’ve moved build instructions up in priority from Important to Urgent-and-Important
Final proposal update time? Final call for feedback!
I’ve updated the proposal again, changes are minor this time:
Wording improvements
cryptohash-* variants mentioned
Clarification of ownership
Clarified that Boolean proposal is out of scope
Added tasty-bench benchmarks for Bcrypt and SHA3 to performance section
This is intended to be the final draft, and this is the final call for feedback - unless there is any further feedback that necessitates editing, I’ll be officially submitting it as the final draft proposal on Monday.
There has been no additional feedback since the last update, and so I suppose now it is time to move on to the final step of this proposal, and officially ask the TWG committee to give a recommendation.
Thanks to everyone who gave feedback for participating!
