[openssl-project] Release strategy updates & other policies

Richard Levitte levitte at openssl.org
Tue Sep 25 08:26:16 UTC 2018

In message <20180924.100003.2155153469056385673.levitte at openssl.org> on Mon, 24 Sep 2018 10:00:03 +0200 (CEST), Richard Levitte <levitte at openssl.org> said:

> In message <79590c7b-98a4-4816-9eea-52f21b5e23e1 at default> on Sun, 23 Sep 2018 20:37:46 -0700 (PDT), Paul Dale <paul.dale at oracle.com> said:
> > Some thoughts about this:
> > Should we deprecate functions at a major release or with LTS
> > releases?
> I'm not sure I'd tie that to LTS releases specifically.  Our current
> practice (as seen in the name of our deprecation macros) is to
> deprecate stuff (not just functions...  there are certain openssl app
> commands that I'd like to get rid of) at major release boundary.
> (Incidently, semantic versioning FAQ suggests that deprecation can as
> well happen in a minor release, possibly even preceding a major
> release)
> Also, we must consider if we see deprecation as an incompatible API
> change.  If we do, deprecation can most certainly only happen at major
> release boundary.  My 0.02 SEK is that we should, if we consider the
> configuration option 'no-deprecated' and how deprecation at minor
> release boundary could lead to surprise breakage.

I've been thinking a bit more on this part, and am wavering...  with
our slow pace (it's usually a couple of years between MINOR releases),
deprecating only at MAJOR release boundaries may be quite a stretch to
predict what should go and what shouldn't.  After all, deprecation is
only tacking on a warning that something is going to disappear in a
predictable future, if at all possible to do.

We may have to regard 'no-deprecated' as a development configuration
option only, basically classifying it as "all bets are off".


Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/

More information about the openssl-project mailing list