At 04:58 PM 8/9/2002 EDT, Jeffrey Altman writeth:
>If you do not have the skill to deal with a missing export in a DLL,
>you do not have the skill to be working with security code.
I understand perfectly how to deal with missing exports. I've been writing
code for 13+ years and have in-depth knowledge of thousands of subjects
(learning more every day, of course) and maintain a language base of 20
different languages. I most certainly am skilled and am insulted to have
you tell me otherwise.
As such, I have learned, the hard way, that always obtaining the "latest
and greatest" of anything (including software) is not the route to take.
Someone once said to me that second- and third-generation production models
are more stable, more likely to work as expected, and more usable. That is
one of the reasons I am holding off from moving to 0.9.6g until _I_ see
some stability in the release schedule. If others want to follow suit,
that's fine with me.
>> The problem is not that the release was made, the problem is that
>> it was improperly labelled. By not saying that it was beta-quality,
>> people were misled. There is a significant portion of the community
>> that either doesn't have the skill or the inclination to deal with
>> beta-quality software.
>>
>> The intent of not labelling the e, f, and g releases as beta was to
>> have them widely distributed. However the opposite effect is
>> happening as people will now be suspicious of the quality and will
>> simply wait to see how things shake out.
Shining Light Productions may have an intense release schedule, but the
Company verifies that the products released are stable and are going to
work *before* distribution.
Granted, the security issues are/were serious, but keeping your heads on
your shoulders and not running around like chickens without heads saying,
"New release! New release! New release!" makes OpenSSL look
unprofessional. The issue here is responsiveness yet maintaining stability
and compilability in the releases. There should only have been _ONE_
release, not _THREE_. As it stands, I'm waiting a couple weeks for things
to settle down before I go out and grab the source and build it. That
"couple weeks" means a couple weeks where there are no more updates. If
any occur, that couple weeks will turn into a month or two. Keep updating
like you have been without a decent Win32 base of developers doing beta
testing and it'll be a year before I decide to get a "stable" release.
Don't claim to support a platform if you don't intend on supporting it.
You have a Win32 version...so support it - completely. I wouldn't care if
you released a version every single week as long as your Win32 code base
has been compiled and regression tested. I have just about as much time to
wade through the makefiles as most of the other people on this list
do...that is, none.
Personally, I wouldn't mind if the OpenSSL team just made binaries for
Windows. Most Windows developers don't like to waste time figuring out how
to build massive projects like OpenSSL (I've built several, including
OpenSSL, and none of them are fun...with minimal, usually uninformative
documentation on the Win32 build and lots of docs on the *nix builds -
unfairly treating *nix users to better, well-designed, well-written docs).
We like binaries. Windows developers have tools to extract the needed
information from DLLs into LIBs to enable us to get back to what we were
doing...Oh! Yeah! Right. I was programming! (I almost forgot...got
side-tracked with this OpenSSL build thingie).
Hope this helps!
Thomas J. Hruska -- [EMAIL PROTECTED]
Shining Light Productions -- "Meeting the needs of fellow programmers"
http://www.shininglightpro.com/
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
