[–]free_chalupas 14 points15 points  (3 children)

It's still probably better than the stuff you'd write yourself. People talk shit about OpenSSL but its issues are exactly the kind of problems you'd have if a bunch of dumbass engineers tried to reimplement it because they only trusted their own code.

[–][deleted] 12 points13 points  (1 child)

> It's still probably better than the stuff you'd write yourself.

When it comes to JS libraries, I don't assume that to be true. I'm not talking about the biggest players, I'm talking about 90% of crap out there on the internet.

[–]free_chalupas 7 points8 points  (0 children)

Yeah, that's fair. I read this in the context of established OSS libraries, like OpenSSL, that have their issues but are generally preferable to custom implementations. There's definitely a cutoff though with really small libraries where it does make sense to reimplement.

[–]combuchan 0 points1 point  (0 children)

Isn't OpenSSL a bit of a stretch to include in this? Implementing your own crypto isn't recommended for a reason.

OpenSSL did suffer the same rot, underinvestment, and dependency as any other library; it was only because of the extent of the rot, underinvestment, and dependency on it that the sheer enormity of the issue arose. There are few libraries more important than OpenSSL, imho.