Daniel Kahn Gillmor dkg@fifthhorseman.net writes:
I welcome suggestions for improved text. I agree that the intersections of the various licenses can be a bit confusing.
I guess it will be easier when we have moved to LGPL. Then it's going to take some effort to write a perl program which use these bindings and violate the licensing terms. (With the GPL, I'm actually not sure myself under which circumstances the perl program would have to be GPL:ed).
Section 6.2.11 of http://www.lysator.liu.se/~nisse/nettle/nettle.html actually lists them twice.
Ooops. Fixed now.
My problem with this is that i then have to handle the case where the user invokes process() without having remembered to set a key.
Can't you just raise some error ? You'd need to have some flag to remember if it's been initialized, but you need that anyway for the is_encrypt method, right?
I'm actually not enforcing any of these constraints in the perl code -- they'll just crop up if the user passes the wrong data down to the library underneath.
That seems a bit dangerous. I thought the principle was that it shouldn't be easy to write perl code which triggers some assertion failure in some C routine.
interesting -- is GCM part of nettle itself, or do you think i should implement it in the perl wrapper? I didn't see any mention of GCM in the online docs.
It's in the CVS version of Nettle, but not yet in any release. Maybe most of the discussion was private rather than on this list?
Regards, /Niels