On 26/08/16 15:11, Brian Anderson wrote: > There are many benefits to this approach. Advancing Rust crypto is > perennially a high-priority strategic nice-to-have in Rust, but so far we > have not been able to find the right motivation to put weight behind it. > Any time there is a glimmer of opportunity for Mozilla to accelerate Rust > crypto we should try our hardest to take it. It is notable that we have not > done so yet. Rust is probably, if not obviously, one of the best platforms > there is for cryptographic and security software, and delivering a > high-quality solution would generate widespread attention and goodwill for > Mozilla, and have compounding effects for the entire Rust ecosystem.
To reinforce this a small amount: another thing Mozilla is doing is Secure Open Source, a fund for helping open source projects be more secure. At the moment, it's focussed on providing source code audits and fixing the immediate bugs, but we hope to expand the scope in 2017. One of the things we are looking at is how Rust can feature in that wider scope. I personally think that the existence of a fully-Rust modern TLS stack (usable in otherwise-C applications) would be a very good thing for the world, and entirely consonant with Mozilla's mission to make the web a better and more secure place. We have identified this as something we'd like to see, but it's too big a project for SOS Fund to take on at the moment. However, while SOS Fund is not about funding Mozilla's priorities, Servo moving in this direction might well encourage us to put our shoulder to the wheel as well in some way. Gerv _______________________________________________ dev-servo mailing list dev-servo@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-servo
