Unmaintained software is a problem and vanilla NaCl also left unfixed issues.
For example, the signature system was a prototype that shouldn't be used any more. The portable AES128 implementation produces incorrect output on some other platforms, one of the Curve25519 implementations performs out of bounds memory accesses, and one of the poly1305 implementations will produce incorrect output if your application changes the FP rounding mode. CurveCP was also a fantastic idea, but the NaCl implementation was just a proof of concept that cannot really be used in actual projects.
But would you rather have djb spend time addressing qmail compilation issues on Ubuntu 14.10, or keep making significant advances in applied cryptography (and security in general) instead?
In addition to organizing competitions, the amount of game-changing publications he made or contributed to is very impressive. And it might not have been the case if he didn't move on from software he wrote years ago.
For example, the signature system was a prototype that shouldn't be used any more. The portable AES128 implementation produces incorrect output on some other platforms, one of the Curve25519 implementations performs out of bounds memory accesses, and one of the poly1305 implementations will produce incorrect output if your application changes the FP rounding mode. CurveCP was also a fantastic idea, but the NaCl implementation was just a proof of concept that cannot really be used in actual projects.
But would you rather have djb spend time addressing qmail compilation issues on Ubuntu 14.10, or keep making significant advances in applied cryptography (and security in general) instead?
In addition to organizing competitions, the amount of game-changing publications he made or contributed to is very impressive. And it might not have been the case if he didn't move on from software he wrote years ago.