On Thu, Jul 17, 2008 at 6:16 PM, Geoff Thorpe <[EMAIL PROTECTED]> wrote:
> On Wednesday 16 July 2008 14:56:26 Kenneth Goldman wrote:
>> [EMAIL PROTECTED] wrote on 07/16/2008 10:08:31 AM:
>> > 2) using static builds has a benefit: you know exactly what your
[..]
>> Is this really a drawback?  Since OpenSSL updates break backward
[..]
> Has this ever been (in recent history) an issue within a given release branch?
[..]

Nope, hasn't been a problem for a long time, but the question was - at
least I read it that way - about using crypto+ssl as a [possible] mix
of static and dynamic and a risk analysis was requested.
Sorry I didn't tack percentages to it, as some of the risks are less
than others, but if the message came across that mixing parts static,
parts dynamic is not the coolest thing to do (you can build both
crypto and ssl as static /or/ dynamic libs and use them, no sweat, but
please use the same style for both; you won't get a surprise this
year, but if you have customers (like I have on Windows) who install
other packages too, which happen to overwrite/update 'your' OpenSSL
DLLs, well, you just /might/ be in for a little surprise
functionality-wise (that binary compatibility is all hunky dory at the
same time) - those tiny little surprises that are damn hard to debug
over an email line and nigh impossible to reproduce. Risk level: LOW.
(see the time difference between 0.9.5 and 0.9.9 in my example)

Personally, I don't favor static or dynamic, both have their merits.
It's just that mixing static linking crypto and dynamic linking ssl
gives me goosebumps.
Don't put too much into this, I come from another world and it's just
that I've learned the hard way to keep either all my libraries as is,
no touching, or, if you want 'to stay abreast' (and with crypto you
should, is my belief) at least keep all stuff from a single vendor in
sync. This is not about OpenSSL: the hard knocks came from other
places (e.g. at really bad nights I vividly remember issues with
Microsoft MFC42 dlls; all the same yet some are more same than others.
I'm glad OpenSSL performs way beyond /that/ quality level.)

Mea culpa if my response upset anyone.

-- 
Met vriendelijke groeten / Best regards,

Ger Hobbelt

--------------------------------------------------
web: http://www.hobbelt.com/
 http://www.hebbut.net/
mail: [EMAIL PROTECTED]
mobile: +31-6-11 120 978
--------------------------------------------------
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
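
A startup check for the scenario described in the message above (another package overwriting the OpenSSL DLLs while libcrypto is linked statically), as an added example that is not part of the original message or of OpenSSL itself. It decodes two version numbers in OpenSSL's MNNFFPPS layout and classifies the difference; the function names and sample values are constructed, and in a real 0.9.x program the inputs would come from the `OPENSSL_VERSION_NUMBER` header macro and the runtime `SSLeay()` call.

```c
#include <stdio.h>

/* Fields of an OpenSSL version number in the MNNFFPPS layout:
   major, minor, fix, patch letter (1 = 'a'), status (0xf = release). */
struct ossl_ver { unsigned major, minor, fix, patch, status; };

enum ossl_cmp { OSSL_MATCH, OSSL_SAME_BRANCH, OSSL_MISMATCH };

static struct ossl_ver ossl_decode(unsigned long v)
{
    struct ossl_ver r;
    r.major  = (unsigned)((v >> 28) & 0xf);
    r.minor  = (unsigned)((v >> 20) & 0xff);
    r.fix    = (unsigned)((v >> 12) & 0xff);
    r.patch  = (unsigned)((v >> 4) & 0xff);
    r.status = (unsigned)(v & 0xf);
    return r;
}

/* Compare the version the program was built against with the version the
   loaded library reports. Identical numbers match; the same major.minor.fix
   with a different patch letter or status is the same release branch;
   anything else is a different branch. */
static enum ossl_cmp ossl_compare(unsigned long built, unsigned long loaded)
{
    struct ossl_ver b = ossl_decode(built), l = ossl_decode(loaded);
    if (built == loaded) return OSSL_MATCH;
    if (b.major == l.major && b.minor == l.minor && b.fix == l.fix)
        return OSSL_SAME_BRANCH;
    return OSSL_MISMATCH;
}

int main(void)
{
    /* Constructed sample: static libcrypto built from 0.9.8h, and an ssl DLL
       found at run time that reports 0.9.8h, 0.9.8g or 0.9.7m. */
    static const char *verdict[] = { "match", "same branch", "MISMATCH" };
    unsigned long built = 0x0090808fUL;
    unsigned long seen[] = { 0x0090808fUL, 0x0090807fUL, 0x009070dfUL };
    int i;
    for (i = 0; i < 3; i++) {
        struct ossl_ver l = ossl_decode(seen[i]);
        printf("loaded %u.%u.%u%c: %s\n", l.major, l.minor, l.fix,
               l.patch ? (char)('a' + l.patch - 1) : ' ',
               verdict[ossl_compare(built, seen[i])]);
    }
    return 0;
}
```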
