Qt Crypto Architecture for KDE4?
George Staikos
staikos at kde.org
Tue Sep 13 16:06:18 BST 2005
On Monday 12 September 2005 19:52, Justin Karneges wrote:
> On Monday 12 September 2005 03:26 pm, Thiago Macieira wrote:
> > Take a look at KOpenSSL's initialisation code: it tries several versions
> > of the SSL initialisation routines. That allows KDE to be mostly freed
> > from upgrading everytime OpenSSL is released. The same can be
> > accomplished by QCA with its plugin, but it will require (binary)
> > distributions to release a new package containing the recompiled plugin.
>
> The great thing about security is that the advancement is slow and the
> algorithms are clearly defined. There are rarely any surprises, and even
> when flaws are found (e.g. the recent stories about SHA-1), the basic
> principles remain unchanged (e.g. the definition of a hash).
>
> Thus, maintaining binary compatibility should be an easy task. In fact,
> the QCA API is based more around specs and ideas (drawing most from JCA and
> Botan) than any particular implementation, and so even if OpenSSL goes
> breaking binary compatibility to add some foo feature, there will likely be
> little effect on QCA.
The problem is linking. OpenSSL changes and now QCA (and anything linked to
QCA) crashes.
> With that in mind, there could be some features missing from QCA that KDE
> needs, and those will need to be looked into and discussed.
Probably not. We don't really use much of OpenSSL. The big issues, again,
are memory footprint and compatibility.
--
George Staikos
KDE Developer http://www.kde.org/
Staikos Computing Services Inc. http://www.staikos.net/
More information about the kde-core-devel
mailing list