[openssl-project] To use or not use the iconv API, and to use or not use other libraries

Andy Polyakov appro at openssl.org
Sun Jun 10 18:37:39 UTC 2018


> Regarding general use of other libraries, please think carefully before voting, 'cause this *is* tricky. If you have a look, you will see that we *currently* depend on certain standard libraries, such as, for example, libdl. And perhaps we should also mention the pile of libraries used with windows.
> 
> In my mind, this makes that more general vote ridiculous,

It certainly is, the vote should not be about such general principle.
It's way too general and most importantly *too natural* to vote about.
In sense that there are things that can't be voting matter. For example
"humans need air to breath" is not, and so is assertion that OpenSSL
needs libraries. And it's all but utterly natural to *minimize*
dependencies and make *minimum* assumptions. This means that one can
only vote on specifics, i.e. do we want specific dependency (at specific
level) or make specific assumption (at specific level). That's why
ballot should not be formulated "such as iconv", but *be* about iconv.

As for iconv per se. One has to recognize that it was standardized by
POSIX and one can expect it to be available on compliant system. Trick
is to reliably identify the said systems, and possibly by version, not
just by being X. So it's as important to have a fall-back to handle the
exclusions. As there will be exclusions. I can even name one already,
Android. And once again, I argue that there is even timing issue. It's
not right moment to make too broad assumptions about iconv availability
arguing that one is prepared to deal with issues. One can only argue
that it might be appropriate to enable it in cases one can actually
verify and confirm.


More information about the openssl-project mailing list