On 22/01/15 22:34, Steffen Nurpmeso wrote: > Since noone else seems to say a word. > I personally didn't understand at all why v1.0.2 when its > end-of-life is in sight already.
>From my personal point of view I would like all our releases to have defined up front lifetimes, so that it is clear how long you can expect to receive support for. With respect to 1.0.2 we're not actually quite there as we've only said: Version 1.0.2 will be supported until at least 2016-12-31. Note the "at least". There is a good chance that it will be supported for significantly longer than that. The reasons for that are discussed in my recent blog post: https://www.openssl.org/blog/blog/2014/12/23/the-new-release-strategy/ > Now you have to continue to > track three active branches. But this is your problem of course. Actually its four :-( - 0.9.8, 1.0.0, 1.0.1 and 1.0.2 (and of course we have master as well). Again see my blog post for a discussion on the thinking that went into it. As ever these decisions are a compromise between many competing pressures. > What i _really_ don't understand is why 1.0.2 is delivered with > false documentation (not only "int SSL_CONF_finish(SSL_CONF_CTX > *cctx);") etc., especially given that there are bug reports. > Documentation is a vivid part of a software, especially when > a completely new interface is introduced. From only the > documentation you won't be able to get that stuff going. > Is ALPN, a prominent member of the NEWS entry (you find it on the > website), at all documented? Where can i find a word about it?? Well "false" documentation seems a bit harsh to me :-)...that kind of makes it sound like we are deliberately setting out to mislead you!! It is a valid criticism that the documentation is not up to scratch. That applies to all versions...1.0.2 is nothing special there. It is on our list of things to sort out (see https://www.openssl.org/about/roadmap.html). That list has quite a few things on it, many of which are quite significant. Actually looking at it now reminds me that it could do with an update...quite a few of those things can either be knocked off (because we have done them), or we have some good progress to report. But documentation hasn't quite made it to the top of the list yet. It will do though. > So why that hastiness, now that OpenSSL gains enough money to pay > the bread of not only one, but indeed multiple fulltime > developers. Well 1.0.2 was in beta for nearly a year, so I'm not sure I would describe its release as hasty! Most of its development (including any associated documentation) was done before the time that any additional resources were made available. Matt _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
