#SharedCrypto 3rd party library standards
I propose we establish some standards for libraries we will incorporate in crypto-lib (or Ursa or whatever we will soon call it :) ).
As a motivating example, there's a PR to add a blake2 library. I've not independently verified the performance claims, but it looks like it is quite fast. In the risk department, though, the source repo indicates a single contributor and only 2-3 months of history. The latter raises risks that the code is not hardened and the former is a risk that it won't be maintained.
The different tiers we establish complicate having a single list of criteria. Without being too rigid, we could probably make a matrix of what degree applies to which tier. Here's a starter list of criteria:
Taking `maturity` as a simple example, we could set the levels for the 3 tiers as:
Standard: 1 year
Semi-Trusted: 3 months
Interested in feedback on this approach.