[openssl-users] OpenSSL version 1.0.2l published

Dennis Clarke dclarke at blastwave.org
Fri Jun 2 14:28:22 UTC 2017 

>> Sure, would "Major changes" be sufficient?  This is essentially
>> a RELEASE_NOTES file, not a comprehensive change log, which is
>> subsumed by git.
> 
> Exactly.  Lots of us have been trained by much experience that a file
> named CHANGES contains *all* of the changes, while a file named
> RELEASE_NOTES includes selected changes of particular significance.
> It's confusing to call a release-notes file CHANGES.
> 
> Appending a note that, for a full change log, [DO THIS], would probably
> be well received.
> 


     Simply remove the CHANGES file from the source release.

     Since it clearly is not a "CHANGES" list nor is it useful.

     I feel rather strongly that a source release of production grade
quality should come with reasonable documentation. That means within the
area of good judgement and reason. So a file in the production grade
source tarball that has a "CHANGES" file which clearly lists nothing of
any real value should be removed.  Perhaps there is a very long standing
tradition, not so much a de facto standard, however an expectation that
the source tarball to be used for a production grade release should have
certain little features in it. A file that says "INSTALL" which actually
does document ways to perform an out of the box[1] compile, testsuite
and then install.  That can be removed entirely also and replaced with a
note that says "see the internet".  How about the LICENSE or README?
These are archaic, ancient old dusty concepts and they go way way back
to the days of Apollo workstations or Sun deskside monsters.  Why do we
still bother with the install of the manpages?  Are those needed?  Who
actually ever runs "man SSL_CTX_free" and then reads the manpage?  It
really doesn't have much to say.  Just tell the user or the package
maintainer to go get it themselves somewhere.  Also what is that great
awful long thing CHANGES.SSLeay?  Toss that out the airlock.

     This is what is needed, a trivial one line replacement :

     sedna$ cat ACKNOWLEDGMENTS
     Please https://www.openssl.org/community/thanks.html for the current
     acknowledgements.

     I guess I'm being foolish to think that the source release is the
absolute reference standard. It is the "published" actual source as well
as the essential docs for it.  Perhaps expectations of that nature are
just twenty or thirty year old concepts because we have the internet at
our fingertips and the real data is out there .. somewhere. Go find it.

Dennis Clarke

[1] out of the box?  sorry, my age is showing. Perhaps "git pull" ?

More information about the openssl-users mailing list