I think section in readme about bindings is better than folding bindings code in this repository (like with Java).
Related issue: #255
Bindings authors: @toxeus @xenog @wanderer @afk11 @ludbb @DavidEGrayson @wink @dpc
[readme] Add section Bindings #381
pull fanatid wants to merge 1 commits into bitcoin-core:master from fanatid:feature/readme-bindings changing 1 files +11 −0-
fanatid commented at 7:45 PM on March 6, 2016: contributor
- fanatid renamed this:
[readme] Add section Bindigs
[readme] Add section Bindings
on Mar 6, 2016 -
[readme] Add section Bindings bfcf87471e
- fanatid force-pushed on Mar 6, 2016
-
gmaxwell commented at 7:57 PM on March 6, 2016: contributor
I disagree that we should be recommending bindings that we have not reviewed. Previously some bindings have compromised the security of the library. (e.g. the go bindings silently using insecure nonce generation).
-
dpc commented at 7:59 PM on March 6, 2016: none
@apoelstra : What's the story with https://github.com/dpc/bitcoin-secp256k1-rs ? Did you supersede it with some other repository?
-
-
gmaxwell commented at 8:18 PM on March 6, 2016: contributor
Directing people to things which may be insecure like that is just 'laundering' when we know the note would just be ignored-- it might be necessary but it's not sufficient: Assuming one of the bindings is incorrect (or even malicious) listing it with a note would be a boobytrap and incompatible with our design principle of being hard to misuse.
Bindings should be subject to peer review by cryptographers; same as the extern C interface of libsecp256k1, since it's functionally the same when used in different environments. The review will be easier when we finish documenting our design assumptions and objectives; since then the bindings could be checked against satisfying those properties.
-
dpc commented at 8:28 PM on March 6, 2016: none
@gmaxwell : People will just google "bitcoin bindings in X" or use search function in the package manager of the language of their choice etc.
IMO having a "big red warning" on the list here, and requiring projects listed in the list to have one in the README, is a win, as it has some chance of informing the potential users.
-
DavidEGrayson commented at 9:11 PM on March 6, 2016: none
Oh, I see you found my Ruby bindings. I haven't updated them since April 2015 so I suspect that they don't work with the latest version of the library. I was going to wait for you guys to release version 1.0.0 of the library before I work on that again. Once everything is polished up, I'd be happy to help cryptographers review it.
-
gmaxwell commented at 12:03 AM on March 7, 2016: contributor
We can include a warning without recommending any bindings: "Note that bindings to other languages may undermine the security of the library and have done so in the past. Great care should be taken when using bindings found on the internet as they may not be suitable for your purposes."
-
-
apoelstra commented at 5:33 PM on March 14, 2016: contributor
@dpc Sorry I missed this message. Yes, the rust libsecp bindings are now at https://github.com/apoelstra/rust-secp256k1
-
laanwj commented at 8:28 AM on March 16, 2016: member
I think if you decide to add a list of 'recommended' bindings then there should be a clear list of review criteria the projects have to adhere to, and a list of tests that it has to pass in the bound language.
But to take the task of 'vetting' projects is quite a responsibility and I can understand if @gmaxwell and al aren't willing to include that in their scope.
This may be better for a wiki article or such, with the appropriate warnings.
On the other hand, good bindings are important for adoption of the library. Putting the bar too high may result in people just ignoring advice, or rolling their own without cooperation and review of others.
-
fanatid commented at 8:46 AM on March 16, 2016: contributor
I'll glad if somebody will add this list into wiki.
- fanatid closed this on Mar 16, 2016
- fanatid deleted the branch on Mar 16, 2016
Linked (view graph)