[openssl-dev] [openssl-users] Removing obsolete crypto from OpenSSL 1.1 - seeking feedback
Richard Moore
richmoore44 at gmail.com
Thu Nov 19 16:36:09 UTC 2015
On 19 November 2015 at 15:39, Blumenthal, Uri - 0553 - MITLL <uri at ll.mit.edu
> wrote:
> >
> >I believe the maintenance costs for pure C implementations in such
> >separate libcryptolegacy or even in the main C library would be quite
> >minimal.
>
> 100% concur, based on my experience maintaining code (going back enough
> decades to know :).
>
>
Heh. I actually tested building all releases of openssl after 0.9.7 a few
months back - several refuse to build with the default options on 64 bit.
In addition my experience shows that compilers get stricter over time, so
old code will general need changes to work with newer compilers (even when
you're only talking over a relatively short period such as 5 years). Now if
this code were included in openssl but disabled by default then these
problems would exist but simply be hidden until someone tried to use it.
Given the user would then have to fix them (since no one else cares about
their favourite dead algorithm) I don't really see what advantage having
the code in the main tree offers.
Cheers
Rich.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20151119/9293572c/attachment-0001.html>
More information about the openssl-dev
mailing list