From: "Rob Neff" <[EMAIL PROTECTED]>
neff.ra> However, the purpose of this discussion thread is not to
neff.ra> determine the use of a particular software library based
neff.ra> solely upon version number but rather to help those of us, in
neff.ra> the trenches, trying to establish the open-source concept
neff.ra> within a closed-source environment. By suggesting the
neff.ra> version change to the OpenSSL library, I'm simply trying to
neff.ra> address the preconceived notion of major releases with a
neff.ra> version number of zero implying beta status by non-techies.
I understand your concern, but please try to understand ours. OpenSSL
as it is today works well, but there are some internal things that
make us keep it at major version 0. Among other, the pretty big
footprint of certain parts, for example the current ASN.1 coder and
decoder, not to mention that it's a hack and needs to be remade (it's
being worked on as we speak). Also, some needed changes in the API
make the library not backward compatible in binary, which is a crutial
factor when you deal with shared libraries.
Very simply put: to bump the major version number would be irresponsible
and would definitely decrease the esteeme (sp?) there is in OpenSSL
and possibly open-source as a whole...
For a major version 0, OpenSSL is a very good package, it's stable and
has quite a number of features. For a major version 1, it lacks a
little bit (footprint being one, elegance of use in development being
another (have you looked at how and where reference counters are used?))
neff.ra> In fact, questions regarding my proof-of-concept application
neff.ra> with using OpenSSL as opposed to RSA have already surfaced.
neff.ra> Again, please understand that I am in favor of open-source
neff.ra> development and am asking for your help in trying to pursuade
neff.ra> these individuals.
Well, I'd say that a proof-of-concept does not lie in the version
number, but rather in the use of the package and it's stability and
feasability (sp?). One can look at a number of products out there
with major version numbers higher than 1 that are full of features but
unstable and unreliable. My suggestion is that you try to get away
from the version number discussion, that's a lost battle already...
neff.ra> You do not need to convince me of the technical merits of
neff.ra> OpenSSL. I'm on board with you.
Right, but that's your job toward those "individuals", and believe me,
version numbering is one of the poorest quality markers there is.
What those "individuals" need is a technical advisory that they can
trust. Is that what you're supposed to be?
neff.ra> Simply put, every little bit that you can do to help address
neff.ra> some of the fears and preconceived notions is another step up
neff.ra> the ladder for those of us trying to put open-source in it's
neff.ra> rightful place.
I hope the above helps.
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Chairman@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
Redakteur@Stacken \ SWEDEN \ or +46-709-50 36 10
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, Celo Communications: http://www.celocom.com/
Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
