On 04/23/2014 03:08 PM, Dr. Stephen Henson wrote:
On Wed, Apr 23, 2014, Steve Marquess wrote:
On 04/23/2014 01:30 PM, Hanno Böck wrote:
Hi,
... Basically, what bothers me most is that right now it seems to
me the openssl project is unresponsive. There are people out there
who want to improve things. There are people who want to help. And
most likely there are people asking themselves if they'd better
invest their time in improving openssl or helping out libressl.
So to the openssl devs: Please give some answers.
All true; but I would like to note that the OpenSSL team is in fact
currently very active, more so than has been the case for years. You
just can't see it quite yet. They are engaged in a reorganization and
discussions in preparation for launching a revitalized newer, better,
larger, more effective and more inclusive OpenSSL team.
Some big changes are coming and I would like to beg the indulgence of
the OpenSSL community for a bit longer.
I apologise for the lack of response. To reiterate what Steve Marquess has
said: changes are coming, big changes for the better and I hope they can be
finalised in the near future and we can give more details. Until now most
of it has been behind the scenes and not visible to the wider OpenSSL
community.
Speaking for myself. I've contributed a significant amount to the OpenSSL
project not least of which is the last 15 years of my life.
While I have spent a great deal of my free time on OpenSSL I have also been
driven by commercial necessity. That meant I had to give some priority to
matters which actually paid the bills.
That can and will change and I hope to working on OpenSSL full time in the
near future along with several of my colleagues.
Improving our response to community input will be a high priority.
So I would say this: things will improve soon. I only ask you please be
patient a little while longer.
You are most likely referring to
http://www.theverge.com/2014/4/24/5646178/google-microsoft-and-facebook-launch-project-to-stop-the
"With twelve companies already on board, that means the company has
already amassed $3.6 million in funding to be doled out as the project
progresses."
This looks really good.
I'm not happy about the libressl massacre also, but besides the drama
they have some points worth watching.
KNF (proper coding style) - openssl code just looks awful to look at
FIPS removal - deprecate old and insecure cruft, not all.
OS deprecations - do we need to support unsupportable systems? MSDOS,
__DECC, ...
compile-time optimizations, such as
https://github.com/rurban/openssl/commit/30c4e3f75dad9c847bf2ee8138e34a75ad4e8d96
and other obvious improvements, such as
https://github.com/rurban/openssl/commit/99f596f5f9f062c61c823be02738d8d7d0c38ed2#diff-6366878babc82036f992a890715dabadR1019
I've setup a github with crontab commits to both projects (branch
libressl [1])[2], so it is easier to watch their work. With cvs it is
next to impossible. They also have another libressl repo, but there is
no parent to compare against.[3]
(1) https://github.com/rurban/openssl/commits/libressl
(2) https://github.com/rurban/openssl/commits/master
(3) https://github.com/libressl/libressl
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
