[tahoe-dev] SFTP dependencies (was: how do I manage dependencies on JavaScript code?)
David-Sarah Hopwood
david-sarah at jacaranda.org
Sat Sep 4 23:19:18 UTC 2010
Zooko O'Whielacronx wrote:
> On Fri, Sep 3, 2010 at 10:00 AM, Chris Palmer <chris at noncombatant.org> wrote:
>> Compare Tahoe-LAFS to the Tor project. Tor has many nice things in its
>> ecosystem, but they are separate projects that work well together instead of
>> all being build dependencies bundled into a single giant mega-project.
>
> Can you be more specific? The only thing that I can think of off the
> top of my head that is bundled into Tahoe-LAFS and could be unbundled
> is the SFTP server, which is the thing that causes us to depend on
> PyCrypto and pyasn1 packages. I don't think it is a good idea to make
> SFTP support unbundled or optional though, since it the source code
> for it is intertwined with all the other Tahoe-LAFS source code and
> since it is really conceptually much like the HTTP server and the
> command-line tool (in my mind at least).
I beg to differ: the source for the SFTP frontend is not intertwined with
other Tahoe-LAFS code to a significant extent. It's a relatively small
amount of code, almost entirely confined to src/allmydata/frontends/sftpd.py
(and auth.py, which is shared with the FTP frontend), that is layered cleanly
on top of other documented interfaces of the Python API. There is also one
method in src/allmydata/client.py (init_sftp_server) to parse SFTP-related
options in the tahoe.cfg file. Apart from that method, nothing else in the
Tahoe code base depends on SFTP.
I have no objection in principle to making SFTP optional. However, it would
make the packaging more complicated (when we should be making that less
complicated), and the only good reason to do it would be to make the indirect
dependency on PyCrypto also optional. I would rather expend effort on
eliminating that dependency on PyCrypto (at least when using new versions of
Twisted), even when SFTP is enabled.
The pyasn1 dependency is much less problematic because pyasn1 is a pure
Python package, it appears to be more stable than PyCrypto, and it is less
likely to be a cause of security and other bugs.
--
David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 292 bytes
Desc: OpenPGP digital signature
URL: <http://tahoe-lafs.org/pipermail/tahoe-dev/attachments/20100905/8f27b180/attachment-0001.pgp>
More information about the tahoe-dev
mailing list