[openssl-project] A proposal for an updated OpenSSL version scheme (v2)

Richard Levitte levitte at openssl.org
Sat Sep 22 06:30:05 UTC 2018


In message <20180922.075955.1307478942356074896.levitte at openssl.org> on Sat, 22 Sep 2018 07:59:55 +0200 (CEST), Richard Levitte <levitte at openssl.org> said:

> So far, we've basically seen two proposed solutions to the problem:
> 
...
> 
> - the other goes to the semantics of the encoded version number
>   according to documentation in opensslv.h and pod and drops the bits
>   that don't correspond to semantic versioning.  This will require
>   those that check for compatibility to change their mask to match.
>   In essence, openssh will have to introduce something like this:
> 
>       if (headerver >= 0x20000000L)
>           mask = 0xf0000000L;
> 
>   ... and adjust their lfix and hfix masks to match.

After writing this, I caught up on Tim's last post on the matter, and
this caught my eye:

tim> And the logical test there remains valid in that it detects all
tim> incompatible versions correctly - what changes is that some
tim> versions that are compatible are seen as incompatible - but that
tim> is an incorrect interpretation that is safe.

The brutal interpretation is "yeah ok, them guys are a bit overly
cautious / paranoid, but it's not a real problem vis-à-vis compatibility,
so uhmm *shrug*".

Put like that, it does resolve at least my concern.  It will mean that
those who use a mask that covers a bit more than just the major
version number will get to rebuild their application a bit more often
than absolutely necessary (as long as we stick to the social contract
we make), until they adapt their checking.  It doesn't actually break
anything.

This is something I can go with.

Cheers,
Richard

-- 
Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/
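
Added example, not part of the original message and not OpenSSL's or OpenSSH's own code: it compares a check that masks more than the major version with the adapted check from the quoted snippet, and counts where the two disagree. The wide mask `0xfff0000fL`, the function names, and the sample version numbers are assumptions constructed for illustration.

```c
#include <stdio.h>

/* Assumed caller-side check: a mask covering more than the major
 * version (0xfff0000fL is a constructed example of such a mask). */
static int compat_wide(long headerver, long libver)
{
    long mask = 0xfff0000fL;
    return (headerver & mask) == (libver & mask);
}

/* The adapted check from the quoted snippet: for headers at or above
 * 0x20000000L only the top nibble (major version) is compared. */
static int compat_major(long headerver, long libver)
{
    long mask = 0xfff0000fL;
    if (headerver >= 0x20000000L)
        mask = 0xf0000000L;
    return (headerver & mask) == (libver & mask);
}

/* Constructed version numbers; the lower bits are arbitrary test values. */
static const long samples[] = {
    0x20000000L, 0x20001000L, 0x20100000L,
    0x2010000fL, 0x30000000L, 0x30200000L,
};
enum { NSAMPLES = sizeof(samples) / sizeof(samples[0]) };

/* Count header/library pairs where the wide check returns want_wide and
 * the major-only check returns want_major, over all ordered pairs. */
static int count_pairs(int want_wide, int want_major)
{
    int n = 0;
    for (int i = 0; i < NSAMPLES; i++)
        for (int j = 0; j < NSAMPLES; j++)
            if (compat_wide(samples[i], samples[j]) == want_wide &&
                compat_major(samples[i], samples[j]) == want_major)
                n++;
    return n;
}

int main(void)
{
    /* Accepted by the wide mask although the majors differ: never happens. */
    printf("unsafe accepts:   %d\n", count_pairs(1, 0));
    /* Same major but rejected by the wide mask: safe, just over-cautious. */
    printf("needless rejects: %d\n", count_pairs(0, 1));
    return 0;
}
```

The first count is always zero because any two values that agree under the wide mask also agree in the top nibble; the second count is the set of rebuilds that are "not absolutely necessary".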

