Legacy provider

Richard Levitte levitte at openssl.org
Wed Jan 15 21:56:48 UTC 2020


On Wed, 15 Jan 2020 21:07:54 +0100,
Benjamin Kaduk wrote:
> 
> Hi Pauli,
> 
> On Tue, Jan 14, 2020 at 09:34:40PM +1000, Dr Paul Dale wrote:
> > The OMC vote is closed.
> > 
> > The vote text being:
> > 
> > The legacy provider should be disabled by default in 3.0
> > 
> > With the clarification that "disabled" in this context means "not loaded”.
> > 
> > The vote passed (two for, one against, four abstain)
> 
> It's good to have a decision here, but I'm kind of worried about the four
> abstains -- it's easy for me to leap to a conclusion that the individuals
> in question just didn't want to to spend the time to come to a considered
> position, even though this issue has substantial potential impact for our
> userbase.  I'm trying to not make faulty assumptions, so some greater
> clarity on the circumstances would be helpful, if possible.

This was a vote that I found extremely difficult.  This topic has been
disputed on and off for quite a while, both on github and within the
OMC, and I could never decide between the two sides.  Both have pros
and cons that outweigh each other.

Cheers,
Richard

-- 
Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/


More information about the openssl-project mailing list