Bodo Moeller wrote:
> I've not quite finished cleaning up the cert_st handling -- while I
> hope that the current code is significantly less broken than the one
> that was in the library until yesterday, the session->sess_cert stuff
> still is not too comprehensible, and thus I cannot claim to be sure
> that there are no further bugs waiting to be discovered. The pending
> changes should have no effect on the API and should not depend on any
> particular system-dependent things, so they should be rather harmless,
> and they may count as "bugfixes and cleanups", but it won't just be
> cosmetic changes. Should we really leave the code as it as for now
> (with my small comments of the form /* XXX ... */ that mark things to
> be changed and which, in even briefer style, could be expressed as
> /* Argh */) and delay those changes, or should we better expand the
> testing period by another week so that the released code will be in a
> nicer state?
We should finish the changes, and expand the testing period if needed.
I'm actually inclined to put out an interim release (as we do for
Apache, i.e. a "beta" release) to encourage wider testing.
I'm also going to force the version number debate to a conclusion, even
if I have to take unilateral action.
Cheers,
Ben (acting as release manager).
--
http://www.apache-ssl.org/ben.html
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
