On Wed, 25 Apr 2001 [EMAIL PROTECTED] wrote:

> > And we've stated that binary compatibility doesn't exist either. Given those two
> > things, you'd think that OS distributions wouldn't build everything based on
> > OpenSSL as shared libraries wouldn't you ... funny what people will do with
> > "experimental" support.
> > 
> > Cheers,
> > Geoff
> It's probably worth pointing out also that the engine code is also
> "experimental", and at least two companies already advertise their SSL
> accelerators as working with openssl. If I was being really pedantic, I
> would say that neither of them officially "work" with openssl. However, I
> would like to stay friends with these companies.

umm ... engine code is "experimental"???

Support for it within certain popular applications may be marked as
experimental, but that is not the case with the code itself. The fact it has
been released side-by-side with a non-ENGINE version of OpenSSL is more about
introducing it gradually and not forcing it down application programmers' throats
in one go than it is about any "experimental" status.

Here of course I assume we mean "experimental" in the (semi-)officially stated
sense, not in the quality sense. As you go on to say in the next paragraph,
trying to grapple with the quality form of "experimental" opens up a can of
worms far bigger than OpenSSL, or indeed the whole unix community. <grin>

> In my experience though, "experimental" code for openssl (and mod_ssl) is
> more stable than the "finished" code that comes from that well known place
> in Washington State.

Indeed.

However heading back to the original subject - binary compatibility has been
something we've stated *will* not exist from version to version, except by luck.
As Richard pointed out, shared library support itself (ie. putting OpenSSL in
shared library form) is experimental. That is as stated by developers.
Distribution packagers have decided to play Russian roulette with both of those
*stated* warnings, by including the shared library forms rather than building
any OpenSSL-dependent applications statically. Remember too that these shared
library forms are system-wide and intended to be used by all openssl-based
applications you install and upgrade over time. When you think about the
implications of trying to do a package upgrade on the openssl libs, and how that
could affect older openssl-based software. Well ... the potential for problems
is clear, whether or not they have actually hurt anyone yet.

Previously unknown bugs/quirks in supported software is one thing, using
features that are *stated* to be experimental by their maintainers is another.
(Translation: all things are relative - if you're scared by "release quality"
software from that place in Washington State, how terrified are you when even
*they* state something is "experimental"??)

Cheers,
Geoff


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
