Break things, write reports

Rust Crusaders - Python Cryptography

'My work to promote language-level memory safety will continue unabated.'

Tags — | dev | python | pyca | cryptography | github | Categories: — rust crusade | news |
Posted at — Feb 28, 2021

If you didn’t see, a python crypto library (arguable, the python cryptography library) was updated to no longer use C and instead opt to use rust. This broke a lot of people’s CI pipelines, which seemed like a massively overblown problem (protip - you can update your CI runners to have rust support, it’ll work fine, trust me).

The thread is pretty funny and full of silly comments, some of which I’d like to highlight below.

“my 2c”

"So the only "reason" for this change is to use a "actual safe language"? ...ahhh...yeah...
But blowing up systems with unnecessary software packages is a more secure way, that's for sure...
(my 2 ยข)"

https://github.com/pyca/cryptography/issues/5771#issuecomment-775019484

38 upvotes, 102 downvotes.

War and peace

Some guys essay on why the maintainers hate their users:

Linux developers don't know all of their users. But they trie to care about all of them, whether they know them, or not. Linux developers care about their users. You don't.

https://github.com/pyca/cryptography/issues/5771#issuecomment-775520684

3 upvotes, 22 downvotes

Deterministic build systems

Some guy laughing at nondeterministic build systems:

https://github.com/pyca/cryptography/issues/5771#issuecomment-775520897

You say you know who your users are.

Someone upset that cryptography don’t know their users:

@MrMino I did read the thread - the advice given here is passing the blame to someone else (in this case - users). Strongly echo what @ignaloidas has pointed out very well - You say you know who your users are. You don't

https://github.com/pyca/cryptography/issues/5771#issuecomment-775531858

Writing safe C

Someone talking about writing secure C:

https://github.com/pyca/cryptography/issues/5771#issuecomment-775697527

Which is shortly countered by a usenix presenter attesting to the horrors of writing bad C:

https://github.com/pyca/cryptography/issues/5771#issuecomment-775971272

Someone being mean to a USENIX presenter on memory safety, calling it confirmation bias:

https://github.com/pyca/cryptography/issues/5771#issuecomment-775971272

In my opinion, the best line is the second last one in the entire issue:

My work to promote language-level memory safety will continue unabated.