This is the story of a little and probably useless piece of software I wrote. Everything began in 2007 during my internship at Pardus. Pardus uses pisi (a Python-based package manager), and pisi doesn't have any sign/verify mechanism (it still doesn't) to secure package transmission. Well, we all decided it would be cool to do the verification via X.509 certificates so we could have more info about the signer, etc. And so everything began: I started designing the app. The idea was simple: we have a package, we sign it via X.509, put the signature in the package and send it to users for installation. The user has, on the other side, a db of trusted certificates; he/she extracts the signature and checks whether the cert is trusted. If the cert is good to use, the user computes the hash of all files in the package and compares it with the hash that is in the signature. Simple, yes ...
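The sign-and-verify flow described above, as an added example that is not the author's pysign code. It assumes the pyca/cryptography package instead of M2Crypto, ECDSA over SHA-256, a zip archive standing in for the package, and a trust db that pins signer certificates by fingerprint; the member names and helper functions are hypothetical.

```python
import datetime, hashlib, io, zipfile
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

SIG, CERT = "META/signature", "META/signer.pem"  # hypothetical member names

def make_signer(common_name):  # constructed self-signed signer, demo only
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (x509.CertificateBuilder().subject_name(name).issuer_name(name)
            .public_key(key.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(now).not_valid_after(now + datetime.timedelta(days=1))
            .sign(key, hashes.SHA256()))
    return key, cert

def content_digest(files):
    """SHA-256 over every payload file, sorted, with names and lengths bound in."""
    h = hashlib.sha256()
    for name in sorted(files):
        raw = name.encode()
        h.update(len(raw).to_bytes(4, "big") + raw)
        h.update(len(files[name]).to_bytes(8, "big") + files[name])
    return h.digest()

def sign_package(files, key, cert):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(name, data)
        zf.writestr(SIG, key.sign(content_digest(files), ec.ECDSA(hashes.SHA256())))
        zf.writestr(CERT, cert.public_bytes(serialization.Encoding.PEM))
    return buf.getvalue()

def verify_package(blob, trusted_fingerprints):
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        members = {n: zf.read(n) for n in zf.namelist()}
    cert, sig = x509.load_pem_x509_certificate(members.pop(CERT)), members.pop(SIG)
    # 1. Trust decision first: is this exact certificate in the local trust db?
    if cert.fingerprint(hashes.SHA256()) not in trusted_fingerprints:
        return "untrusted signer"
    # 2. Re-hash all remaining files; the signature check is the hash comparison.
    try:
        cert.public_key().verify(sig, content_digest(members), ec.ECDSA(hashes.SHA256()))
    except InvalidSignature:
        return "bad signature"
    return "ok"
```

Because the digest covers every member except the two signature entries, a file added to the archive after signing fails verification just like a modified one.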
The implementation part was not so easy for me. I heard that there is a Python package for handling SSL things called Python OpenSSL. I was excited, it was my first Open Source program, but pyOpenSSL didn't have all the classes I needed for the certificate handling, signing and verification parts (if it has them, man, I don't know). Then I found M2Crypto; it had some ugly Python code and bad exception handling but had all the cool features I needed. And 'imzaci' was there, an alpha version maybe; it didn't have a code base I was proud of. The application was not accepted by Pardus members and no one asked me about it to make it better or to fix something. Everyone was silent; man, I probably wrote the ugliest program in the world if no one says anything :)
I thought that was how Open Source works. (People can only think about things they have experienced.) Well, Open Source code development doesn't work like that, believe me. People discuss, fight, share, apply patches; that is the world I was imagining from the beginning. However, I didn't make a good start :) GSOC2008 and the FUNC project showed me that secret and cool Open Source world.
Well, let's return to our little useless application. After GSOC2008 I rewrote most of the code, maybe better, maybe worse, I don't know. I changed its name: it is not imzaci anymore, it is pysign, and it is an independent application (not written for a specific distro). Why did I rewrite the program? I wondered if I had become better after those years. Well, the code is here [1] and, you know what, it was not fun to write it. If someone is going to write an app similar to that one, please look at my code, maybe you can grab some part of it. I wrote it once, don't do it again :)
OK, what is the point? :) The point is: it is very, very, very important to choose the community you are going to contribute to. Please, before you join, look at the mailing list conversations, look at the documentation the project or community has. The start is very important, and if you have luck you will be in a place where people respect every bit of your code. That is the Open Source world I was looking for and found in the end :)
There are two kinds of programmers: the good programmer takes the old code, fixes it (if possible) and completes the job in less time; the bad programmer writes all the code from scratch (maybe worse than the first programmer). Be the good programmer. I wrote it, don't repeat yourself :)
[1] http://github.com/makkalot/pysign/tree/master