svn commit: r317015 - in head/sys: boot/forth conf crypto/chacha20 dev/random libkern sys
Mark R V Murray
markm at FreeBSD.org
Sun Apr 16 21:17:42 UTC 2017
> On 16 Apr 2017, at 20:26, Dag-Erling Smørgrav <des at des.no> wrote:
>
> Mark Murray <markm at FreeBSD.org> writes:
>> Added:
>> head/sys/crypto/chacha20/chacha.c (contents, props changed)
>> head/sys/crypto/chacha20/chacha.h (contents, props changed)
>
> Really? You committed this code despite having been informed of its
> dubious legal status, and despite knowing full well that another
> implementation was already available?
"Dubious legal status"? Please go and look at the chacha that OpenSSH uses.
You will find it strangely familiar.
You informed me *that* you had written another implementation. You didn't
inform me *when* you were going to pull the trigger.
The time between warning me and committing was a shade over 2 hours.
The fact that 1) yours is optional (arc4random needs standard) 2) your API
is incompatible and 3) both code-sets can co-exist without conflict means
that there is no technical problem, except for the time taken adapt to your
API and bikeshed out the module "standard" vs "optional" status. Oh, and
the time to retest everything.
In the past you have made me wait *months* to make changes to my own code.
Your commit took 2 *hours* between first warning of commit and it hitting
the tree.
You can't say you didn't know my commit was imminent. I had just gotten
a green light from the SO a day or so before.
Here's the timeline:
18th March: I open D10048 - a change that replaces RC4 with ChaCha as
underlying algorithm for arc4random(9). I choose the OpenSSH copy
of chacha.c.
21st March: A brief exchange of emails where DES' Chacha is announced
as existing. No timeline for its committal is discussed.
Fri 14th April, 2:58: SO Green-lights my commit after a few rounds of
changes and discussion.
Sat 14th April, 17:45: DES Adds himself to the reviewer list of D10048
for the first time and makes this comment "Please allow me some time
to commit my Chacha20 implementation first so we can use that instead
of the legally dubious version which is included in this patch. I hit
a snag that I haven't had time to debug, but I'm hoping to have it done
by Tuesday."
Sat 14th April, 19:54: DES make this comment: "Turns out the snag was
that I was loading the wrong version of the module. I have committed
it now (r316982). If anyone is interested, I have a version that
includes test vectors and runs self-tests when loaded, but I removed
them from the final version as they are about six times larger than
the actual code."
DES - are you kidding me??! 2 hours 9 minutes warning? I already had
a green light; I wan't watching Phabricator, I was prepping my commit!
"Please allow me some time", then you drop your warning from 3 days
to 2 hours!
M
--
Mark R V Murray
More information about the svn-src-all
mailing list