Pure Haskell replacement for a dependency package

Marcel Fourné haskell at marcelfourne.de
Thu Feb 28 17:14:11 UTC 2019


Am 2019-02-22 um 13:46 schrieb Mikhail Glushenkov:
>Looking closer at eccrypto, I can identify the following issues:
>1) eccrypto has a larger dependency footprint than ed25519, which only
>depends on GHC boot libraries
>2) ed25519 is much better documented
>3) eccrypto is quite new and not as mature as ed25519, which is based
>on the reference implementation

Regarding those issues, I uploaded a new version of eccrypto with only
cryptohash-sha512 as a non-boot dependency. Since hackage-security
already depends on cryptohash-sha256 with its low depency footprint, I
thought it most prudent to go that route. Of course, the new code is
also analysed like the one from last release.
Documentation will follow, as well as scientific review.
Only the last part - being more mature than the ref10 C code - my code
will never be. ;-)

>However, I still think that we could accept a patch adding support for
>eccrypto as a compile-time option (not enabled by default).

I'll also start looking into making a patch for hackage-security
for review.


More information about the cabal-devel mailing list