Re: Cryptokit.Random unsuitable in cooperative multithreaded systems

[Anil Madhavapeddy <anil@xxxxxxxxxx>]

On 24 Apr 2013, at 22:12, Vincent B. <vb@xxxxxxxxx> wrote:

> On 24/04/2013 20:37, Anil Madhavapeddy wrote:
>> Good catch; I've just updated OPAM with Cryptokit 1.7.
>> 
>> Vincent, I'd strongly recommend submitting patches like the SHA-256 ones 
>> upstream to Xavier to review, as a crypto library isn't something to fork 
>> lightly.  Having said that, I've been sitting on some DSA patches since 
>> 2006, so I'll also do the same :-)
>> 
>> -anil
> 
> I sent him a mail at the time, he never replied. It is not about SHA256 but 
> SHA512 btw. I would be happy if he included the code upstream. Where should I 
> give him the code do you believe (since he doesn't seem to answer mails).

A google search revealed the homepage of Cryptokit is:
https://forge.ocamlcore.org/forum/forum.php?forum_id=875

where you already have an issue open:
https://forge.ocamlcore.org/tracker/index.php?func=detail&aid=1223&group_id=133&atid=629

but you just pointed to your repository instead of a concrete patchset. For a 
busy upstream author, it's useful to include a concrete patch in the e-mail, 
and a description of why you need it and how you tested it.  If you don't get a 
response, a followup in a month or so with any additional testing and tweaking 
you've done is a useful way to get their attention again.

If you still need it after a while, then a fork is ok, but it's always 
courteous to inform the author that you've done this, and why (in this case, no 
response).

So in this situation, I would improve the bug report with a patch against 1.7 
and follow up to Xavier with the rebased patch to the latest release.  And a 
belated question: why do you need SHA-512, out of interest?

-anil