by drzaiusapelord 3515 days ago
Says who? Maybe the cruft of the old ones means it's impractical to fix. Maybe the leadership of the old ones means it can't be fixed due to incompetence or toxic politics. Sometimes rolling your own or forking is the smart move. There's a reason you use x.org and not xfree86 for example.

The idea that no one should ever roll their own cryptography is a cutesy warning for amateurs, but not an absolute rule. If no one ever did, we would never have any.

Also projects like openssl don't have third-party quarterly audits or other formal practices. They're "rolling their own" as much as the other guy.

1 comment

Doesn't matter anymore -- the credibility of the person leading the project is thoroughly established, so I'm retracting my comment.

But generally, "says who" is answerable as "says any reputable applied cryptographer, established audit/research team, etc. who's thoroughly cut their teeth on crypto and security in general."