[openssl-project] To use or not use the iconv API, and to use or not use other libraries

Richard Levitte levitte at openssl.org
Thu Jun 7 18:36:07 UTC 2018


In message <fe9ed5f1-9f8f-792b-9f26-512af63cec89 at openssl.org> on Thu, 7 Jun 2018 17:55:27 +0200, Andy Polyakov <appro at openssl.org> said:

appro> > Regarding general use of other libraries, please think carefully before voting, 'cause this *is* tricky. If you have a look, you will see that we *currently* depend on certain standard libraries, such as, for example, libdl.
appro> 
appro> One has to recognize that each dependency has to be justified.

Yes, of course.  Caution is advisable, always.

appro> > And perhaps we should also mention the pile of libraries used with windows.
appro> 
appro> It's not about amount, but ubiquity and stability. Windows is bad
appro> example in the context, because it's rather "mono-cultural" environment.

Yes, you're right, and I didn't really mean to make a serious argument
about the amount, just pointing out that we already rely on standard /
system libraries.

appro> But *otherwise* thing is that we already *know* that those extra
appro> libraries work. Or at least know what to expect and how to deal with
appro> them on different platforms. They were effectively proven to work by
appro> lasting through several releases and years-long bug ironing. This *is*
appro> factor too. And that's what made me pose "is b) part of vote" in my last
appro> post.

I'll have you note that the PR that I'm pointing at still has an open
question about how to deal with the problem of some systems not
reliably support iconv.

-- 
Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/


More information about the openssl-project mailing list