Re: [openssl.org #479] support version independent upgrade

Tue, 28 Jan 2003 01:27:55 -0800 

In message <[EMAIL PROTECTED]> on Mon, 27 Jan 2003 23:33:24 
+0100 (MET), "[EMAIL PROTECTED] via RT" <[EMAIL PROTECTED]> said:

rt> Actually, I'd prefer that I wouldn't have to relink and
rt> redistribute my application every time a security patch comes out
rt> for OpenSSL.  I haven't seen any issues in our application
rt> upgrading from 0.9.6 to 0.9.7 using this non version technique on
rt> our local development nodes.

If all you wanted was security patches, you upgrad to the next patch
level of 0.9.6.  0.9.7 contains a lot more changes than just security
patches.  Also, as a very simple test, I built 0.9.6h and 0.9.7 with
shared support, but made sure I linked the 0.9.7 test suite against
the 0.9.6h libraries.  Then I ran them.  Kaboom (I don't recall
exactly where, I did it some time ago...).

So if *you* haven't had any issues, count your blessings and don't
make any changes to your applications.  Unfortunately, since it's
easily proven that there's a risk of mysterious crashes, we can't
support your claim.  Sorry.

rt> The version technique doesn't just prevent backward compatibility
rt> but it prevents users from getting potential security upgrades
rt> that *may* work just fine.  It's definitely not a desirable
rt> distribution scenario as it sits now.  It forces developers to do
rt> relinks and redistribute whether they're needed or not.

I agree that the current situation isn't optimal for shared libraries.
What would you do in our place (and please look outside your
particular sandbox, and think of all the reports of mysterious crashes
that will flow in to us (which they sometimes do for systems like
Windows, where there is no versioning).  Basically, place yourself in
our shoes).

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
                    \      SWEDEN       \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis                -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to