openssl and openssh

Ryan Schmidt ryandesign at macports.org
Thu Mar 15 22:47:35 PDT 2012


On Mar 15, 2012, at 21:21, Brandon Allbery wrote:
> On Thu, Mar 15, 2012 at 19:55, Dan Ports wrote:
>> Part of the problem is that openssl 1.0.x versions are supposed to be
>> binary-compatible, but this wasn't true in the past (e.g. 0.9.8 and
>> 0.9.7 weren't). So the check openssh is doing is now bogus. See
>> https://bugzilla.mindrot.org/show_bug.cgi?id=1991 
>> 
> ...but was mandatory in pre-1.0 because the openssl policy completely violated everyone's library versioning policies *and* those policies designed into various library compatibility systems.

I suppose that's understandable; it's not unusual for projects with 0.x version numbers to have less strict versioning rules. Thanks, Dan, for explaining that. I guess it's just too bad that openssl took so long to get to 1.0 (1998?-2010... 12 years?), and that other projects are now taking so long to realize what implications that has for them. (Still, wine's got them beat, taking 15 years from 1993 to 2008 to reach 1.0.)


> In short, OpenSSL's history of ignoring everyone else in its version policies continues to bite *everyone*.  I have to wonder how they'll break everyone else next.  (OpenSSL as a project desperately needs to be replaced with something sane.)

There's GnuTLS... is that better / saner? 

