[openssl-project] A proposal for an updated OpenSSL version scheme (v2)
Richard Levitte
levitte at openssl.org
Sat Sep 22 06:30:05 UTC 2018
In message <20180922.075955.1307478942356074896.levitte at openssl.org> on Sat, 22 Sep 2018 07:59:55 +0200 (CEST), Richard Levitte <levitte at openssl.org> said:
> So far, we've basically seen two proposed solutions to the problem:
>
...
>
> - the other goes to the semantics of the encoded version number
> according to documentation in opensslv.h and pod and drops the bits
> that don't correspond to semantic versioning. This will require
> those that check for compatibility to change their mask to match.
> In essence, openssh will have to introduce something like this:
>
>     if (headerver >= 0x20000000L)
>         mask = 0xf0000000L;
>
> ... and adjust their lfix and hfix masks to match.
After writing this, I caught up on Tim's last post on the matter, and
this caught my eye:
tim> And the logical test there remains valid in that it detects all
tim> incompatible versions correctly - what changes is that some
tim> versions that are compatible are seen as incompatible - but that
tim> is an incorrect interpretation that is safe.
The brutal interpretation is "yeah ok, them guys are a bit overly
cautious / paranoid, but it's not a real problem vis-à-vis compatibility,
so uhmm *shrug*".
Put like that, it does resolve at least my concern. It will mean that
those who use a mask that covers a bit more than just the major
version number will get to rebuild their application a bit more often
than absolutely necessary (as long as we stick to the social contract
we make), until they adapt their checking. It doesn't actually break
anything.
This is something I can go with.
Cheers,
Richard
--
Richard Levitte levitte at openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
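
Added example, not part of the original message and not OpenSSL or OpenSSH code: it scores a mask that covers more than the major version against the major-only mask from the quoted snippet, showing that the wider mask only produces needless rejections and never a false accept. The bit layout (top nibble major, next byte minor), the name WIDE_MASK and its value, and the sample version numbers are assumptions made for illustration.

```c
#include <stdio.h>

/* Assumed layout (illustration only): top nibble = major, next byte = minor. */
#define MAJOR_ONLY_MASK 0xf0000000UL /* the mask from the quoted snippet */
#define WIDE_MASK       0xfff00000UL /* hypothetical mask: major + minor */

/* Constructed sample version numbers: 2.0, 2.1, 2.2, 3.0, 3.1 */
static const unsigned long SAMPLES[] = {
    0x20000000UL, 0x20100000UL, 0x20200000UL, 0x30000000UL, 0x30100000UL
};
#define N_SAMPLES ((int)(sizeof(SAMPLES) / sizeof(SAMPLES[0])))

struct tally { int total, false_accept, false_reject; };

/* Mask-and-compare check of build-time header version against runtime library. */
static int compatible(unsigned long headerver, unsigned long libver,
                      unsigned long mask)
{
    return (headerver & mask) == (libver & mask);
}

/* Treat the major-only answer as ground truth and score the wide mask. */
static struct tally compare_masks(const unsigned long *v, int n)
{
    struct tally t = {0, 0, 0};
    for (int h = 0; h < n; h++) {
        for (int l = 0; l < n; l++) {
            int truth = compatible(v[h], v[l], MAJOR_ONLY_MASK);
            int wide = compatible(v[h], v[l], WIDE_MASK);
            t.total++;
            if (wide && !truth) t.false_accept++;  /* unsafe direction */
            if (!wide && truth) t.false_reject++;  /* needless rebuild */
        }
    }
    return t;
}

int main(void)
{
    struct tally t = compare_masks(SAMPLES, N_SAMPLES);
    printf("pairs=%d false_accept=%d false_reject=%d\n",
           t.total, t.false_accept, t.false_reject);
    return t.false_accept != 0;
}
```

Because every bit of the major-only mask is also set in the wider mask, a match under the wider mask implies a match under the narrower one, which is why the false-accept count stays at zero for any input.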