Actually, I'd prefer that I wouldn't have to relink and redistribute my application every time a security patch comes out for OpenSSL. I haven't seen any issues in our application upgrading from 0.9.6 to 0.9.7 using this non version technique on our local development nodes.
The version technique doesn't just prevent backward compatibility but it prevents users from getting potential security upgrades that *may* work just fine. It's definitely not a desirable distribution scenario as it sits now. It forces developers to do relinks and redistribute whether they're needed or not. -----Original Message----- From: Richard Levitte - VMS Whacker [mailto:[EMAIL PROTECTED]] Sent: Monday, January 27, 2003 2:10 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Cc: Jim Sahaj Subject: Re: [openssl.org #479] support version independent upgrade In message <[EMAIL PROTECTED]> on Mon, 27 Jan 2003 22:40:24 +0100 (MET), " via RT" <[EMAIL PROTECTED]> said: rt> Currently, on many Unix platforms I link my application against rt> libssl.so and libcrypto.so. Typically, these are links set to resolve rt> down to the versioned types of these files, like libssl.so.0.9.7 and rt> libcrypto.so.0.9.7. The internal names of these shared objects rt> include the major and minor version so even though I link against the rt> shared objects without the version, such as libssl.so, my application rt> becomes tied to the versioned shared objects at link time, for rt> instance libssl.so.0.9.7. There's a reason: until OpenSSL 1, we don't guarantee backward binary compatibility. There are technical reasons for this, like the need to make changes to published structures (it may be argued that it shouldn't be needed, but to achieve such flexibility, we either need to hide them (which would require huge changes for everyone) or redo them in such a way that they become rather generic) and other stuff. Because of this, we're forced to do what we currently do with shared libraries. Perhaps you'd prefer that your applications crash mysteriously and in an unrecoverable manner? -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See <http://www.stacken.kth.se/~levitte/mail/> for more info. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
