Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

README warning about optional dependency 'ed25519' is out of date, sodium-native now used. #534

Closed
grempe opened this issue Apr 27, 2020 · 3 comments
Labels

Comments

@grempe
Copy link
Contributor

grempe commented Apr 27, 2020

Describe the bug

There is a warning in the README file recommending installation of the ed25519 library. This library is in fact no longer used by stellar-base since version 0.13.12 was released a year ago.

The current version of stellar-base now instead makes use of sodium-native.

https://github.com/sodium-friends/sodium-native

See release changes and CHANGELOG:

stellar/js-stellar-base@v0.13.1...v0.13.2

@grempe grempe added the bug label Apr 27, 2020
abuiles pushed a commit that referenced this issue Apr 27, 2020
…536)

#534

- Remove section of README discussing fixes for Win ed25519 install that no longer apply.
- Change "Warning" to "Important". There is no danger in use of `tweetnacl` and no need to be alarmist.
- Remove unsubstantiated speed language. This is not a concern for most as `tweetnacl` can perform at least 200 signing ops/s and negative comparisons are not backed by data. Comparison might also have been against `ed25519` lib.
@abuiles
Copy link
Contributor

abuiles commented Apr 27, 2020

Fixed in #536

@abuiles abuiles closed this as completed Apr 27, 2020
@grempe
Copy link
Contributor Author

grempe commented Apr 27, 2020

@abuiles PS I plan to file an issue over on stellar-base questioning the need for this native dependency at all in favor of just using tweetnacl. This would keep things simpler, eliminate compilation issues (which are even trickier when using in a Docker container), and the speed diff, if any, is likely insignificant for most/all use cases. tweetnacl is also the only JS lib that I am aware of that also has had a full Cure53 security audit.

@abuiles
Copy link
Contributor

abuiles commented Apr 27, 2020

@grempe sounds good! This libraries haven't change much in the last couple of years, so if something doesn't make sense, please let me know and I'm happy to work together to address those issues.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

2 participants