[botan-devel] Survey results

Jack Lloyd jack at randombit.net
Thu Nov 16 00:49:39 EST 2017

In total there were 34 replies to the user survey. (In retrospect, I should have
advertised it next to the download link on the web site in addition to the
mailing list.)

Q: In what type of project do you use Botan currently? (34 responses)

- 18 (53%) use botan in a commercial project
- 12 (35%) use botan in an open source project
- The remaining are something else (research project, educational use,
  test tools)

Q: Which version(s) of Botan do you use? (12 responses)

 91% - 2.x
 9%  - 1.10

I only thought to add this midway through the survey. I'm very glad to see such
a strong skew towards 2.x here, though perhaps people who bother to subscribe to
the mailing list are more likely to upgrade quickly, so this may not reflect the
broader user population.

Q: On what platforms do you use Botan (34 responses)
  82% use Linux
  65% use Windows
  35% use macOS
  25% use Android
  20% use iOS

I'm honestly not sure if the relatively low numbers for mobile suggest we should
ignore mobile as being niche (in terms of this project), or if it instead means
we should improve support and make it a more compelling option.

Q: How satisfied are you with Botan? (34 responses)
  53% rated 5
  38% rated 4
   9% rated 3

Not hugely surprising I guess, since anyone who really dislikes it can easily
use a different library.

Q: What should be prioritized in next 12 months? (28 responses)

 29% - TLS v1.3
 21% - performance
 21% - additional algorithms
 11% - better documentation
 11% - advanced protocols
 rest some other answer or no answer

There is likely to be good progress on all of these in the next year. I was
surprised to see such a strong demand for TLS v1.3. Supporting v1.3 is a large
project and unless dedicated funding appears it probably won't be available much
before end of 2018. (Assuming the spec is finalized by then, last I looked they
were still making changes to the state machine.)

Q: Name one change/improvement you'd really like (14 responses)

Lots of great comments in here, including:

 - Request for code audit (would love to, but the funding is not there)
 - Wiki documentation, community supported example code
   [We do have a wiki, but it's sparse: https://github.com/randombit/botan/wiki]
 - Multiparty computation (two requests for that)
 - Cryptobox for large files (again, two requests here)
 - Several different suggestions for improving the TLS interface, some of
   which you are likely to see in a future release.

Thank you to everyone who replied. This was very helpful for me to understand
what's important to the userbase.

More information about the botan-devel mailing list