[codehusker]

>Go 1.8 will use X25519 and ChaCha20-Poly1305 in its TLS stack, but it doesn't offer modern application-layer cryptography in its standard library.

What qualifies as a standard library? I think Go supports both in the "x" repository which is officially part of the Go project, but is distributed separately and with different compatibility guarantees. It even gets vendored back into the main repository.

[CiPHPerCoder]

1. Install the language.

2. Don't install anything optional.

There, that's the standard library.

Some ecosystems will never add something like NaCl/libsodium to the standard library because the main developer experience requires package management, but that's irrelevant to the very narrowly defined claim being made.

[codehusker]

Install the language how, and from where?

What if my package manager includes libs like those under "x"? Or if it excludes certain libs? Homebrew is capable of this for many languages.

What if my language includes different libs depending on install target, like targeting embedded environments? I think Rust does this.

I think there is a large grey area being overlooked.

EDIT: This is particularly true in PHP land. If I just install the meta php package in most distributions, I will get a different set of extensions included.

[CiPHPerCoder]

> Install the language how, and from where?

Compile from src. Use the default options.

[cptn_brittish]

I know python keeps some packages outside the standard library as once it's in there development slows down and the package needs to be worked on more often.

Did any discussion on this possibility come up as I can see cryptography requiring a quicker update cycle when bugs are found then a schedualed language release can give.