[OTC VOTE PROPOSAL] Fixing missing failure exit status is a bug fix
Nicola Tuveri
nic.tuv at gmail.com
Tue Nov 24 20:29:43 UTC 2020
Off-list I received a suggestion to use "unhandled" (thanks again!).
I am not sure about it (I actually originally discarded in my first
draft of this proposal) because I am afraid that talking of "unhandled
return value" from a function might be misinterpreted as cases in
which we are ignoring the return value of a callee or in which we are
not considering the whole set of possible return values.
Anyway, now that I disclaimed my doubts about it, I would submit to
your consideration this alternative to the original vote text:
In the context of the OpenSSL apps, we qualify as bug fixes the
changes to return a failure exit status when a called function
fails with an unhandled return value.
Even when these bug fixes change the apps behavior triggering
early exits (compared to previous versions of the apps), as bug
fixes, they do not qualify as behavior changes that require an
explicit OMC approval.
Would this be preferable to the original proposal?
Cheers,
Nicola
On Tue, Nov 24, 2020 at 7:33 PM Nicola Tuveri <nic.tuv at gmail.com> wrote:
>
> Uhm, thanks Kurt! I think you have a point here, "unrecoverably" might
> be a poor choice.
>
> Do you have a proposal to qualify these cases in general? Or a better
> way to rephrase it?
>
> I wasn't happy with "In the context of the OpenSSL apps, we qualify as
> bug fixes the changes to return a failure exit status when a called
> function fails." (i.e., omitting unrecoverably or a better term): it
> is not uncommon to have function failures that are intended to be
> handled, taking a different course of action.
>
>
> @tjh, as the main driver of a more generic vote like this, do you have
> a better vote text proposal?
>
>
> Nicola
>
>
> On Tue, Nov 24, 2020, 19:18 Kurt Roeckx <kurt at roeckx.be> wrote:
> >
> > On Tue, Nov 24, 2020 at 01:51:44PM +0200, Nicola Tuveri wrote:
> > > Background
> > > ----------
> > >
> > > This follows up on a [previous proposal] that was abandoned in favor of
> > > an OMC vote on the behavior change introduced in [PR#13359].
> > > Within today's OTC meeting this was further discussed with the attending
> > > members that also sit in the OMC.
> > >
> > > The suggestion was to improve the separation of the OTC and OMC domains
> > > here, by having a more generic OTC vote to qualify as bug fixes the
> > > changes to let any OpenSSL app return an (early) failure exit status
> > > when a called function fails.
> > >
> > > The idea is that, if we agree on this technical definition, then no OMC
> > > vote to allow a behavior change in the apps would be required in
> > > general, unless, on a case-by-case basis, the "OMC hold" process is
> > > invoked for whatever reason on the specific bug fix, triggering the
> > > usual OMC decision process.
> > >
> > > Proposed vote text
> > > ------------------
> > >
> > > In the context of the OpenSSL apps, we qualify as bug fixes the
> > > changes to return a failure exit status when a called function
> > > fails unrecoverably.
> >
> > I'm not sure the unrecoverably should be there. I think this was
> > about verifying is a public or private key was valid. If such a
> > function returns it's not valid, I don't call that an
> > unrecoverable error. But I do expect the application to return an
> > error exit code.
> >
> > An other example is s_client, which ignores verification errors by
> > default. You can change that behaviour with -verify_return_error. If
> > you do that, s_client will actually exit with return value 1 in case
> > of a verification error.
> >
> >
> > Kurt
> >
> >
More information about the openssl-project
mailing list