Deprecation of stuff
Viktor Dukhovni
openssl-users at dukhovni.org
Wed Sep 4 12:59:22 UTC 2019
On Wed, Sep 04, 2019 at 02:43:34PM +0200, Tomas Mraz wrote:
> > The dispute in PR https://github.com/openssl/openssl/pull/7853 has
> > made it quote obvious that we have some very different ideas on when
> > and why we should or shouldn't deprecate stuff.
> >
> > What does deprecation mean? Essentially, it's a warning that at some
> > point in the future, the deprecated functionality will be removed. I
> > believe that part of the issue surrounding this is uncertainty about
> > when that removal will happen, so let me just remind you what's
> > written in our release strategy document:
Actually, my issue was not timing, but whether the particular feature
warrants eventual removal. I don't believe it does.
> > 1. Why should we deprecate stuff
>
> Because keeping every legacy API/feature/option/... increases the
> maintenance burden, attack surface, confuses users/developers, and in
> general hinders the development.
>
> > 2. Why should we not deprecate stuff
>
> If something does not really have an adequate replacement, it does not
> really increase the maintenance burden, does not significantly increase
> the attack surface, and is still used widely in applications, it should
> not be deprecated.
This is essentially the basis of my objection, with less emphasis
on "adequate replacement". Just because we *can* ask users to
rewrite their code, does not mean we *should*.
--
Viktor.
More information about the openssl-project
mailing list