Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Migrate backend to rust #8770

Closed
22 tasks done
alex opened this issue Apr 21, 2023 · 15 comments
Closed
22 tasks done

Migrate backend to rust #8770

alex opened this issue Apr 21, 2023 · 15 comments

Comments

@rozhuk-im
Copy link

How to use python staff on platforms without rust support?

@alex
Copy link
Member Author

alex commented Nov 15, 2023

Cryptography has required rust for more than 2 years. This issue does not change that, it merely uses rust for an additional area of functionality.

To use cryptography on a platform without rust support, you'll need to add rust support for that platform.

@rozhuk-im
Copy link

Who will pay for adding rust to new platforms?

@alex
Copy link
Member Author

alex commented Nov 15, 2023 via email

@rozhuk-im
Copy link

Ok, I see.
Project without moderation, responsibility and plans.
Since this is one of base python packet that widely used, all python products may be broken in any time on any platform.
This is bad for business and for users.

I will avoid python based projects and will recommend to avoid for other peoples.

@alex
Copy link
Member Author

alex commented Nov 15, 2023 via email

@rozhuk-im
Copy link

Using rust was wrong way, that reduce supported platforms count and increase support costs for whole industry.

After this project get rusted - I spend to many time with outdated or broken py-cryptography package @ FreeBSD.
I do avoid projects that create problems instead of solve them.
Python ecosystem have a lot show stopper problems and this is +1.

If you want to speak about investing to some platform you should have business plan/commercial offer.

@alex
Copy link
Member Author

alex commented Nov 15, 2023 via email

@rozhuk-im
Copy link

Good luck with rust on non amd64 h/w.

@alex
Copy link
Member Author

alex commented Nov 15, 2023

We actively ship this package for arm64 (for Linux and macOS). Rust declares support (at various tiers) for FreeBSD with x86-64, x86, arm64, arm32, ppc64, powerpc, and riscv. What platform are you concerned for?

@rozhuk-im
Copy link

Using wget | sh to install rust looks like ugly joke.
Build rust outside amd64 takes a lot of time, require some skills and h/w with enough resources.

Python packages - another one strange idea, since it depend on OpenSSL specific version, that may be differ or LibreSSL may be as default xSSL lib.

If you want more details, feel free to read: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254853

@alex
Copy link
Member Author

alex commented Nov 16, 2023

I've read the issue. It was not as illuminating as I'd hoped.

As best I can tell, the current state is that FreeBSD has successfully upgraded their version of pyca/cryptography, and have it working on multiple architectures (I see x86-64, arm64, and armv7 mentioned at a minimum).

There appears to be an issue with building rust under qemu, though I'm unclear of what the cause is, and it appears that building under qemu is no longer the officially supported way to build ports.

Many of the recent comments appear to be dealing with the pain of the OpenSSL 3 migration, which is entirely orthogonal to rust. We also heartily agree that the OpenSSL 3 migration has been very painful. I do not understand your comment about LibreSSL, we support it, numerous versions of OpenSSL, and BoringSSL out out the box: https://cryptography.io/en/latest/installation/#supported-platforms

If you have a specific issue, we're happy to hear it. But at this point your comments have been extremely unproductive, to say nothing of rude.

@mzary
Copy link

mzary commented Jan 4, 2024

Rust while attracting, is troublesome, at least for some platforms. Moreover, triggering the Rust build to update only one Python module is overkill and contributes to global warming. Could you let me know if you're aware of that? Green computing is as important as security nowadays. I have submitted a PR on FreeBSD Bugzilla to raise attention to this problem. https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=276105

@alex
Copy link
Member Author

alex commented Jan 4, 2024

You haven't provided any quantification or evidence for the premise that our migration contributes to global warming, so it's a bit hard to respond.

Nevertheless, I believe you have your premise backwards: Python is relatively slow, and thus consumes more computing resources than is necessary. Our migration to Rust has dramatically improved the performance of many components of cryptography, and thus reduced the resources consumed.

And this is before we discuss questions such as the level of sustainability for many data centers (many rely entirely on renewable energy).

Finally, if you have a specific platform you'd like to discuss support for, please file a dedicated issue for it. Responding to an unrelated issue is distracting to the pyca/cryptography project.

@reaperhulk
Copy link
Member

While global warming and human caused climate change is a very real and serious concern, it is not an argument in good faith to tie it to language choice. One could just as easily argue use of Python in its entirety is a contributor to global warming since it is an inefficient language and usage patterns executing the same code repeatedly (vs compiling once and having a far more efficient code path after that) would therefore be problematic.

As always, we are happy to discuss ways to make this easier for our users, up to and including working with folks on ecosystem level efforts (which we have engaged in before), but we can only consider actionable requests. "Revert back to C and abandon any effort to make things more secure" is not a course of action under consideration. If you do choose to engage in good faith in the future please open a new issue.

@alex alex added this to the Forty Third Release milestone Feb 10, 2024
@alex alex closed this as completed Jul 5, 2024
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 4, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Development

No branches or pull requests

4 participants