Re: [openssl-users] OpenSSL version 1.0.2l published

2017-06-02 Thread Michael Wojcik 
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Dennis Clarke
> Sent: Friday, June 02, 2017 10:28
> 
>  Simply remove the CHANGES file from the source release.
> 
>  Since it clearly is not a "CHANGES" list nor is it useful.

It may not be useful to you. It's useful to me, and I suspect I'm not the only 
one.

Not everyone shares your preferences and prejudices.

Michael Wojcik 
Distinguished Engineer, Micro Focus 


-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] OpenSSL version 1.0.2l published

2017-06-02 Thread Dennis Clarke 

On 06/02/2017 10:36 AM, Salz, Rich via openssl-users wrote:

Dennis,

Feel free to not read any documentation you find superfluous :)


I'll simply leave this here as an example of truely fine CHANGES docs :

https://lists.freedesktop.org/archives/xorg/2017-June/058761.html

Dennis Clarke

ps: that is what people generally expect to see in CHANGES but the
 openssl folks may disagree of course.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] OpenSSL version 1.0.2l published

2017-06-02 Thread Dennis Clarke 

you are the first person to raise this issue that I can recall in over 20 years.



I'll just go back to my server cave then.

dc
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] OpenSSL version 1.0.2l published

2017-06-02 Thread Salz, Rich via openssl-users 
Dennis,

Feel free to not read any documentation you find superfluous :)

Too much information is not something people often say about OpenSSL.  We 
believe many people find the current file useful.  To wit, you are the first 
person to raise this issue that I can recall in over 20 years.

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] OpenSSL version 1.0.2l published

2017-06-02 Thread Salz, Rich via openssl-users 
> Appending a note that, for a full change log, [DO THIS], would probably be
> well received.

https://github.com/openssl/openssl/pull/3606

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] OpenSSL version 1.0.2l published

2017-06-02 Thread Dennis Clarke 



Sure, would "Major changes" be sufficient?  This is essentially
a RELEASE_NOTES file, not a comprehensive change log, which is
subsumed by git.


Exactly.  Lots of us have been trained by much experience that a file
named CHANGES contains *all* of the changes, while a file named
RELEASE_NOTES includes selected changes of particular significance.
It's confusing to call a release-notes file CHANGES.

Appending a note that, for a full change log, [DO THIS], would probably
be well received.




Simply remove the CHANGES file from the source release.

Since it clearly is not a "CHANGES" list nor is it useful.

I feel rather strongly that a source release of production grade
quality should come with reasonable documentation. That means within the
area of good judgement and reason. So a file in the production grade
source tarball that has a "CHANGES" file which clearly lists nothing of
any real value should be removed.  Perhaps there is a very long standing
tradition, not so much a de facto standard, however an expectation that
the source tarball to be used for a production grade release should have
certain little features in it. A file that says "INSTALL" which actually
does document ways to perform an out of the box[1] compile, testsuite
and then install.  That can be removed entirely also and replaced with a
note that says "see the internet".  How about the LICENSE or README?
These are archaic, ancient old dusty concepts and they go way way back
to the days of Apollo workstations or Sun deskside monsters.  Why do we
still bother with the install of the manpages?  Are those needed?  Who
actually ever runs "man SSL_CTX_free" and then reads the manpage?  It
really doesn't have much to say.  Just tell the user or the package
maintainer to go get it themselves somewhere.  Also what is that great
awful long thing CHANGES.SSLeay?  Toss that out the airlock.

This is what is needed, a trivial one line replacement :

sedna$ cat ACKNOWLEDGMENTS
Please https://www.openssl.org/community/thanks.html for the current
acknowledgements.

I guess I'm being foolish to think that the source release is the
absolute reference standard. It is the "published" actual source as well
as the essential docs for it.  Perhaps expectations of that nature are
just twenty or thirty year old concepts because we have the internet at
our fingertips and the real data is out there .. somewhere. Go find it.

Dennis Clarke

[1] out of the box?  sorry, my age is showing. Perhaps "git pull" ?
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] OpenSSL version 1.0.2l published

2017-06-02 Thread Mark H. Wood 
On Thu, Jun 01, 2017 at 09:18:26PM -0400, Viktor Dukhovni wrote:
> 
> > On Jun 1, 2017, at 10:54 AM, Wouter Verhelst  
> > wrote:
> > 
> > It might be useful to make that point at the start of the CHANGES file,
> > then. Currently, it just says "Changes between X.Y.Zx and X.Y.Zy
> > [date]". While that doesn't claim to be complete, the simple word
> > "CHANGES" invokes the idea of a changelog, which should be complete --
> > and this file is not. If it's not meant to be, fine -- but then it
> > doesn't hurt to say so, and it would alleviate some confusion.
> 
> Sure, would "Major changes" be sufficient?  This is essentially
> a RELEASE_NOTES file, not a comprehensive change log, which is
> subsumed by git.

Exactly.  Lots of us have been trained by much experience that a file
named CHANGES contains *all* of the changes, while a file named
RELEASE_NOTES includes selected changes of particular significance.
It's confusing to call a release-notes file CHANGES.

Appending a note that, for a full change log, [DO THIS], would probably
be well received.

-- 
Mark H. Wood
Lead Technology Analyst

University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu


signature.asc
Description: PGP signature
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] OpenSSL version 1.0.2l published

2017-06-02 Thread Wouter Verhelst 


On 02-06-17 03:18, Viktor Dukhovni wrote:
> 
>> On Jun 1, 2017, at 10:54 AM, Wouter Verhelst  
>> wrote:
>>
>> It might be useful to make that point at the start of the CHANGES file,
>> then. Currently, it just says "Changes between X.Y.Zx and X.Y.Zy
>> [date]". While that doesn't claim to be complete, the simple word
>> "CHANGES" invokes the idea of a changelog, which should be complete --
>> and this file is not. If it's not meant to be, fine -- but then it
>> doesn't hurt to say so, and it would alleviate some confusion.
> 
> Sure, would "Major changes" be sufficient?  This is essentially
> a RELEASE_NOTES file, not a comprehensive change log, which is
> subsumed by git.

Something like that, yes.

Alternatively, a note saying "and a number of changes too small to be
noted here, please see the git log for details" at the end of every
changelog would work too (and give a hint to users where to go for more
details).

-- 
Wouter Verhelst
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] OpenSSL version 1.0.2l published

2017-06-01 Thread Viktor Dukhovni 

> On Jun 1, 2017, at 10:54 AM, Wouter Verhelst  
> wrote:
> 
> It might be useful to make that point at the start of the CHANGES file,
> then. Currently, it just says "Changes between X.Y.Zx and X.Y.Zy
> [date]". While that doesn't claim to be complete, the simple word
> "CHANGES" invokes the idea of a changelog, which should be complete --
> and this file is not. If it's not meant to be, fine -- but then it
> doesn't hurt to say so, and it would alleviate some confusion.

Sure, would "Major changes" be sufficient?  This is essentially
a RELEASE_NOTES file, not a comprehensive change log, which is
subsumed by git.

-- 
Viktor.

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] OpenSSL version 1.0.2l published

2017-06-01 Thread Wouter Verhelst 
On 01-06-17 16:40, Matt Caswell wrote:
> CHANGES is what it is - a list of changes we thought were particularly
> worthy of note. If that's not enough information for you then use the
> git logs. I see very little value in automatically extracting info out
> of the logs and including it in the distribution when the logs are so
> easily accessible elsewhere.

It might be useful to make that point at the start of the CHANGES file,
then. Currently, it just says "Changes between X.Y.Zx and X.Y.Zy
[date]". While that doesn't claim to be complete, the simple word
"CHANGES" invokes the idea of a changelog, which should be complete --
and this file is not. If it's not meant to be, fine -- but then it
doesn't hurt to say so, and it would alleviate some confusion.

Thanks,

-- 
Wouter Verhelst
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] OpenSSL version 1.0.2l published

2017-06-01 Thread Matt Caswell 


On 01/06/17 15:32, Dennis Clarke wrote:
> 
>> They are easily obtainable even if you do not have git. The list for
>> 1.0.2l is here:
>>
>> https://github.com/openssl/openssl/commits/OpenSSL_1_0_2l
> 
> ( point missed )
> 
> The issue is that the CHANGES file simply isn't.  The most recent for
> 1.0.2l being truely spartan. If this were vim or perhaps nano or even
> grep then I would go digging. However in these times of ever more
> security concerns for our servers I feel[1] that the openssl source
> release should at least have a trivial text list with more data than this :

CHANGES is what it is - a list of changes we thought were particularly
worthy of note. If that's not enough information for you then use the
git logs. I see very little value in automatically extracting info out
of the logs and including it in the distribution when the logs are so
easily accessible elsewhere.

Matt
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] OpenSSL version 1.0.2l published

2017-06-01 Thread Dennis Clarke 



They are easily obtainable even if you do not have git. The list for
1.0.2l is here:

https://github.com/openssl/openssl/commits/OpenSSL_1_0_2l


( point missed )

The issue is that the CHANGES file simply isn't.  The most recent for
1.0.2l being truely spartan. If this were vim or perhaps nano or even
grep then I would go digging. However in these times of ever more
security concerns for our servers I feel[1] that the openssl source
release should at least have a trivial text list with more data than this :

sedna$ git diff --stat --color OpenSSL_1_0_2l..OpenSSL_1_0_2k
 .travis.yml|   1 +
 CHANGES|   6 -
 Configure  |  19 +-
 LICENSE|   4 +-
 Makefile.org   |   8 -
 NEWS   |   4 -
 README |   2 +-
 TABLE  |  58 +--
 apps/ca.c  |  19 +-
 apps/dhparam.c |  24 +-
 apps/enc.c |  33 +-
 apps/engine.c  |   9 +-
 apps/pkeyutl.c |   4 +-
 apps/prime.c   |   3 -
 apps/progs.h   |   2 +-
 apps/progs.pl  |  30 +-
 apps/req.c |   6 +-
 apps/s_client.c|   1 -
 apps/s_server.c|   1 -
 apps/srp.c |   4 +-
 appveyor.yml   |   8 +
 config |   9 -
 crypto/aes/Makefile|   2 +-
 crypto/aes/asm/aesni-sha1-x86_64.pl|   1 -
 crypto/aes/asm/aesni-sha256-x86_64.pl  |   1 -
 crypto/aes/asm/bsaes-armv7.pl  |   2 +-
.
.  etc etc
.
 util/domd  |   6 +-
 util/mk1mf.pl  |   1 -
 148 files changed, 756 insertions(+), 1520 deletions(-)
sedna$

Dennis

[1] yes I used the word "feel" here and it it a weak argument to be sure

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] OpenSSL version 1.0.2l published

2017-06-01 Thread Matt Caswell 


On 01/06/17 15:17, Dennis Clarke wrote:
> On 06/01/2017 09:53 AM, Salz, Rich via openssl-users wrote:
>>>   So the CHANGES file isn't really "changes".
>>
>> The full list of everything that has changed can be found via git
>> logs.  As Matt said, we only put particularly significant items in the
>> CHANGES file.
>>
>>
> 
> Why?
> 
> Why isn't the list of changes dumped into a simple text file and
> included in the source release tarball ?   Consider users and systems
> which do not have git installed by default.  For that matter, git does
> not exist or even compile on those target systems but openssl most
> certainly does.

They are easily obtainable even if you do not have git. The list for
1.0.2l is here:

https://github.com/openssl/openssl/commits/OpenSSL_1_0_2l

Matt

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] OpenSSL version 1.0.2l published

2017-06-01 Thread Dennis Clarke 

On 06/01/2017 09:53 AM, Salz, Rich via openssl-users wrote:

  So the CHANGES file isn't really "changes".


The full list of everything that has changed can be found via git logs.  As 
Matt said, we only put particularly significant items in the CHANGES file.




Why?

Why isn't the list of changes dumped into a simple text file and
included in the source release tarball ?   Consider users and systems
which do not have git installed by default.  For that matter, git does
not exist or even compile on those target systems but openssl most
certainly does.


Dennis

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] OpenSSL version 1.0.2l published

2017-06-01 Thread Salz, Rich via openssl-users 
>  So the CHANGES file isn't really "changes".

The full list of everything that has changed can be found via git logs.  As 
Matt said, we only put particularly significant items in the CHANGES file.


-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] OpenSSL version 1.0.2l published

2017-06-01 Thread Dennis Clarke 

On 06/01/2017 06:42 AM, Matt Caswell wrote:



On 25/05/17 15:29, Dennis Clarke wrote:


So this is exclusively a change to support mingw64 ?


Sorry, I missed this email somehow. This release rolls up numerous bug
fixes that have been implemented since the last release. We only put
particularly significant items in CHANGES.




One of the curious things I do ( there are numerous it seems ) is to
sometimes run a "catalog" process on a source tree where I get the file
list and the sha256 hash of every file.  Then compare with the previous
release.  There are a lot of differences.  A lot.  I can then "diff" for
my own reasons of curiosity.

So the CHANGES file isn't really "changes".

Dennis Clarke

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] OpenSSL version 1.0.2l published

2017-06-01 Thread Matt Caswell 


On 25/05/17 15:29, Dennis Clarke wrote:
> 
> So this is exclusively a change to support mingw64 ?

Sorry, I missed this email somehow. This release rolls up numerous bug
fixes that have been implemented since the last release. We only put
particularly significant items in CHANGES.

Matt


> 
> That seems to be all that is said here :
> 
> https://www.openssl.org/news/cl102.txt
> 
> 
> 
>  OpenSSL CHANGES
>  ___
> 
>  Changes between 1.0.2l and 1.0.2m [xx XXX ]
> 
>   *)
> 
>  Changes between 1.0.2k and 1.0.2l [25 May 2017]
> 
>   *) Have 'config' recognise 64-bit mingw and choose 'mingw64' as the
> target
>  platform rather than 'mingw'.
>  [Richard Levitte]
> 
> 
> .
> .
> .
> 
> 
> Dennis Clarke
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] OpenSSL version 1.0.2l published

2017-05-25 Thread Dennis Clarke 


So this is exclusively a change to support mingw64 ?

That seems to be all that is said here :

https://www.openssl.org/news/cl102.txt



 OpenSSL CHANGES
 ___

 Changes between 1.0.2l and 1.0.2m [xx XXX ]

  *)

 Changes between 1.0.2k and 1.0.2l [25 May 2017]

  *) Have 'config' recognise 64-bit mingw and choose 'mingw64' as the 
target

 platform rather than 'mingw'.
 [Richard Levitte]


.
.
.


Dennis Clarke
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] OpenSSL version 1.0.2l published

2017-05-25 Thread Patrick Mayweg 


Qint Software GmbH
Marlene-Dietrich-Str.59
80636 München 
+49 172 8910563
Sitz: München HRB 117326
Geschäftsführer: Patrick Mayweg.

> On 25.05.2017, at 15:57, OpenSSL  wrote:
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> 
>   OpenSSL version 1.0.2l released
>   ===
> 
>   OpenSSL - The Open Source toolkit for SSL/TLS
>   https://www.openssl.org/
> 
>   The OpenSSL project team is pleased to announce the release of
>   version 1.0.2l of our open source toolkit for SSL/TLS. For details
>   of changes and known issues see the release notes at:
> 
>https://www.openssl.org/news/openssl-1.0.2-notes.html
> 
>   OpenSSL 1.0.2l is available for download via HTTP and FTP from the
>   following master locations (you can find the various FTP mirrors under
>   https://www.openssl.org/source/mirror.html):
> 
> * https://www.openssl.org/source/
> * ftp://ftp.openssl.org/source/
> 
>   The distribution file name is:
> 
>o openssl-1.0.2l.tar.gz
>  Size: 5365054
>  SHA1 checksum: b58d5d0e9cea20e571d903aafa853e2ccd914138
>  SHA256 checksum: 
> ce07195b659e75f4e1db43552860070061f156a98bb37b672b101ba6e3ddf30c
> 
>   The checksums were calculated using the following commands:
> 
>openssl sha1 openssl-1.0.2l.tar.gz
>openssl sha256 openssl-1.0.2l.tar.gz
> 
>   Yours,
> 
>   The OpenSSL Project Team.
> 
> -BEGIN PGP SIGNATURE-
> 
> iQEcBAEBCAAGBQJZJtRNAAoJENnE0m0OYESROsEIALuf8f97c3YgUOz+72Cqrd+x
> NEDBmDASsRuIlqkXSkN6CunLUb/FQtCMP1n7POsYMAdNqJz+1tOxwxS42j4qsoxj
> AdNjf7qn/B0Jhd1A6q6GGxO25tmZne3GEga76ya99+/FRMmUWk/QFdCkaNlRtqf+
> +6B3KLCAw/pOsGucS8FIk8Wlr1gR/VTiwlxY63ZhzQg941vVNaOsuz+CNWlTc1pW
> E06cEBnbkjo23LcZH3E07TWHJdDayfROsZTkOZ30uXXo4Xk/KK/Mk4lOAMd7UPMh
> gxt/jSNcIjf32sGsJRwydlUq7f4OjQQFkFmm8GDY6HgAyRyN4EKCfEWgrCqQs1w=
> =F+zf
> -END PGP SIGNATURE-
> -- 
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users