Re: AW: Which platforms will be supported in the future on which platforms will be removed?

Mon, 02 Jun 2014 19:14:25 -0700 

 (c) EBCDIC.

z/OS is still alive. I'll concede that one is weird and hard to get hold
of, but it has a lot of users still.

This ISN'T the Linux kernel. It's userspace code and longer lived and wider
spread than Linux and pretty fundamental to security.
Even with the 'dead' platforms crossed out, it has far more variants to
support than Linux, and typically longer support lifetimes.

So, some device like a router has been out in the field ten years but still
works just fine, are you going to block security updates for it ?

You won't get major cleanups without purging platforms like Windows, OS/X,
AIX, HP/UX.

Windows, I'd suggest most of the cruft there could be removed by insisting
that it builds with gnu make/cygwin installed but using the native MS
compiler. That's probably the biggest single cleanup possible and it's very
much a 'live' platform.

Peter



From:   "Theodore Ts'o" <ty...@mit.edu>
To:     openssl-dev@openssl.org
Date:   03/06/2014 12:01 PM
Subject:        Re: AW: Which platforms will be supported in the future on
            which platforms will be removed?
Sent by:        owner-openssl-...@openssl.org



On Tue, Jun 03, 2014 at 11:22:58AM +1000, Peter Waltenberg wrote:
>
> I won't argue that sometimes legacy support makes the code hard to read,
> but in itself I don't think it's causing bugs.

The OpenBSD people are right here.  If it's hard to read, then we
don't have many eyeballs on the code.  And while that isn't the only
way to curtail an active development community (Sun Microsytems came
up with many more), it's certainly one of the more effective ones.

It's not like someone wakes up and says, "I know!  I'll screw over the
entire internet by introducing a security bug!"  It happens by
accident, and the messier your code is, the more likely it is to
happen.  Code needs to be easy to read; or else you get bugs.  There's
a reason why the Linux kernel coding style strongly discourages
in-line #ifdef's in code.

> I'd also point out that legacy platforms are pretty common in the
embedded
> space and may even make up the majority of instances of OpenSSL in the
> wild.

I don't think there are a lot of embedded systems using (a) VMS, (b)
Windows 3.1, or (c) EBCDIC.

Cheers,

                                                                                
  - Ted
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to