OpenSSH and OpenSSL snapshots

Markus Friedl openssh at openbsd.org
Tue Jan 22 20:16:42 EST 2002


On Tue, Jan 22, 2002 at 09:55:03AM +0100, Lutz Jaenicke wrote:
> On Tue, Jan 22, 2002 at 09:36:57AM +0100, Markus Friedl wrote:
> > On Tue, Jan 22, 2002 at 01:24:49AM +0100, Lutz Jaenicke wrote:
> > > From OpenSSL's CHANGES file:
> > >   +) Change all functions with names starting with des_ to be starting
> > >      with DES_ instead.  This because there are increasing clashes with
> > >      libdes and other des libraries that are currently used by other
> > >      projects.  The old libdes interface is provided, as well as crypt(),
> > >      if openssl/des_old.h is included.  Note that crypt() is no longer
> > >      declared in openssl/des.h.
> > > 
> > >      NOTE: This is a major break of an old API into a new one.  Software
> > >      authors are encouraged to switch to the DES_ style functions.  Some
> > >      time in the future, des_old.h and the libdes compatibility functions
> > >      will be completely removed.
> > >      [Richard Levitte]
> > 
> > why do you break the old API? why is the old API not
> > the default?
> > 
> > why don't you call this openssl-1.x instead if you really
> > have to break the API?
> 
> It's one of the compromises we have to make. People complained about
> severe problems when linking against other libraries also offering
> DES functionality, so the namespace had to be cleaned up somehow.
 
But why break binary compatibility for 99% of the
users if 1% have problems with linking?

Why not provide an 'option' for these 1%,
that allows them to use the new API, e.g.
	#define OPENSSL_NEW_DES_API
	#include <openssl/des.h>

> With respect to the numbering scheme: "1.0" should be the first version
> from which on we promise API _and_ binary compatibility.

So the reason for not calling this 1.0 is that nobody cares about
binary compatibility _NOW_.

The problem is that OpenSSL _is_ used, so binary _and_ API
compatibility should not be discarded.

> I know that version numbering of OpenSSL is quite somewhat confusing.
> 0.9.7 is a major step forward from 0.9.6 (and takes far too long to
> come out; it would probably be better to make more releases but in
> a shorter cycle; my experience - also with other projects - shows
> that monster projects tend to make things crawl...).

Yes, that's true.  In the future we will have a time-based
release scheme for OpenSSH (just like OpenBSD has a release
every 6 months).

-m



More information about the openssh-unix-dev mailing list