On Wed, Sep 04, 2019 at 02:43:34PM +0200, Tomas Mraz wrote:

> > The dispute in PR https://github.com/openssl/openssl/pull/7853 has
> > made it quite obvious that we have some very different ideas on when
> > and why we should or shouldn't deprecate stuff.
> >
> > What does deprecation mean? Essentially, it's a warning that at some
> > point in the future, the deprecated functionality will be removed. I
> > believe that part of the issue surrounding this is uncertainty about
> > when that removal will happen, so let me just remind you what's
> > written in our release strategy document:

Actually, my issue was not timing, but whether the particular feature
warrants eventual removal. I don't believe it does.

> > 1. Why should we deprecate stuff
>
> Because keeping every legacy API/feature/option/... increases the
> maintenance burden, attack surface, confuses users/developers, and in
> general hinders the development.
>
> > 2. Why should we not deprecate stuff
>
> If something does not really have an adequate replacement, it does not
> really increase the maintenance burden, does not significantly increase
> the attack surface, and is still used widely in applications, it should
> not be deprecated.

This is essentially the basis of my objection, with less emphasis on
"adequate replacement". Just because we *can* ask users to rewrite
their code, does not mean we *should*.

--
Viktor.