[OTR-users] Pretty-please standardize OTR signature storage, per OS.

subharo at hushmail.com subharo at hushmail.com
Mon Sep 9 12:48:57 EDT 2013


On Sun, 08 Sep 2013 21:49:34 -0400 "Tamme Schichler" 
<tammeschichler at googlemail.com> wrote:
>> Also: what language would you have it be written in, such that one
>> lone executable file has no other dependencies that don't already
>> exist in the available libraries in stock OS installs (where it'll
>> be used).
>
>A higher-level platform-independent language like Python would make
>compatibility much easier but I don't know if there is one that works
>without a standard library or framework. Python installations are not as
>common on Windows as they are on Linux from what I've seen.

Actually, I personally think Python would be the best choice.  Why?

-Python code is famous for being very tidy and simpler to read.  
This is important for a crucial security-sensitive program such as 
the one we're discussing, so security professionals can easily 
review the code and vet that there's nothing malicious in it.  In 
my opinion, reviewing Perl code is much harder, as it's much 
uglier, IMHO, and there seem to be about 6 ways to do pretty much 
anything and everything (and no two Perl programmers are likely to 
do everything in the same way, to anywhere near the degree you'd see 
two developers developing Python code that has similar 
functionality).  A Perl code reviewer may be frustrated at the need 
to learn some of 6ish alternate ways wherever appropriate, to do an 
effective review.

-By using Python, I think it would help speed up development time, 
and minimize overall time to gain acceptance by the OTR community 
as trustworthy.  It takes way less Python code to accomplish the 
same job as comparable C(++) code.  I've heard that a ratio of 1:10 
(of lines of Python compared to lines of C++) is common.

-You can trust that virtually any Linux distro already has Python 
available (certainly the top five), or failing that, it's easily 
installable from the package management system.  As to Windows, 
imposing a Python dependency on them is something I feel 
comfortable with.  Speaking tongue-in-cheek here: what security-
conscious user (you know, the kind who wants to use OTR in the 
first place) would want to continue using Windows anyway, after 
hearing news like this?  "How NSA access was built into Windows": 
http://www.heise.de/tp/artikel/5/5263/1.html

-Gajim (which supports OTR) notably uses Python already as its 
primary language.

Cheers!
