OpenSSL project is considering to close this mailing list

Karl Denninger karl at
Mon Mar 20 16:31:48 UTC 2023

On 3/20/2023 12:14, Jonathan Day wrote:
> I'm not watching GitHub because, as a user, my questions tend to be 
> targeted towards very specific problems I'm having* and I'm not in a 
> position to answer anyone else's questions. :)
> *Legacy code can be... interesting to maintain. A fair chunk of the 
> code I'm working on is circa OpenSSL 1.0, although there are bits and 
> pieces that are from much earlier. But this means that the sorts of 
> questions I'm going to be asking in the near future will be unusual. 
> Not that many people are going to be jumping from 1.0.0 to 3.1.0, and 
> even fewer will be modernising truly ancient code. So looking out for 
> such questions will be a pointless endeavour.
> In defence of the response times of this list, I got a response to my 
> question almost immediately. True, one data point does not a statistic 
> make, but I've not noticed any questions going astray in the brief 
> time I've been on the list. Responses seem to be quick and 
> informative. It might be that this is unusual, that I'd need to stay 
> on the list a lot longer to see the real pattern, so I'll rely on the 
> views of others on that, but I am not seeing anything that strongly 
> reeks of list apathy.

A few times I've asked questions on the list; as a developer who uses 
this library on a fairly routine basis I've got code out there that is 
both pretty current and that which was compiled on platforms and OS 
versions that are not anywhere near current -- and for various reasons 
beyond my control never will be.

Will I take such questions to Github in the future if this goes away?  
No.  I can (and do) scan the new messages on this list daily as its 
fast, easy, and in one place and in /many /cases that has alerted me to 
something I need to pay attention to.  I'm one of the "mostly-silents" 
who nonetheless take the information from discussions here /and use it, 
/in many cases narrowing security issues or understanding whether a 
particular problem is of importance to said software or not, and if it 
is, whether it can be successfully mitigated or not.  I don't have to 
open a web browser and dig through things; it comes straight to my 
inbox. Some may see this as archaic but I see it as beneficial to my 
workflow, and the potential alternative isn't.

Karl Denninger
karl at
/The Market Ticker/
/[S/MIME encrypted email preferred]/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4864 bytes
Desc: S/MIME Cryptographic Signature
URL: <>

More information about the openssl-users mailing list