[openssl-project] A proposal for an updated OpenSSL version scheme (v2)

Viktor Dukhovni openssl-users at dukhovni.org
Fri Sep 21 14:32:46 UTC 2018



> On Sep 21, 2018, at 10:07 AM, Tim Hudson <tjh at cryptsoft.com> wrote:
> 
> And the output you get:
> 
> 0x10102000

The trouble is that existing software expects to potential ABI changes 
resulting from changes in the 2nd and 3rd nibbles, and if the major
version is just in the first nibble, our minor version changes will
look like major number changes to such software.

One could take the view that software that uses the OpenSSL version number
for more than inequalities is in a state of sin, and should stop doing
that, and perhaps doing that is not typical application behaviour, but
what Richard is trying to do is embed the semantic version number in
a wider field that allows us to keep the pre-release bits (which are
useful), to have an epoch nibble for versioning the version format,
and also keep the "significance" of the existing nibbles with the
2nd/3rd nibble signalling major changes while the 4th/5th are minor
version feature additions and 6th/7th are micro fix versions. the
8th nibble indicates dev/pre with 0xF signalling release.

This does not violate semantic versioning, if I only want to
support the *released* version of version 1.2.3, I'll test for
>= 0x?010203FUL, with "?" the epoch nibble (2 or 3).  If I
am planning to test pre-release features I can compare with
>= 0x?0102030UL.

We might not have done it this way if this were the first
even release of OpenSSL, but I think it is a find proposal.

-- 
-- 
	Viktor.



More information about the openssl-project mailing list