[openssl-dev] About multi-thread unsafe for APIs defined in crypto/objects/obj_dat.c

2018-01-23 Thread Yun Jiang 
The APIs defined in the file crypto/objects/obj_dat.c share some static global 
variables defined in the file without locking, which makes the APIs in this 
file not multi-thread safe even if the locking callbacks are set. In addition, 
the APIs in this file are also used by the other OpenSSL APIs, which makes the 
following OpenSSL documentation statement invalid 
(https://www.openssl.org/docs/man1.0.2/crypto/threads.html)


"OpenSSL can safely be used in multi-threaded applications provided that at 
least two callback functions are set, locking_function and threadid_func."


Is there any planning to fix this issue?


-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] Blog post; changing in email, crypto policy, etc

2018-01-23 Thread Florian Weimer 
* Hubert Kario:

> when I mark project as followed I'm getting messages from all issues
> and all PRs - likely dozens if not hundred messages a day

But isn't that the point?

My main concern with Github is that I have no record of my own
actions.  (Their single-account policy is also a problem for some of
us, but that is perhaps our own fault.)
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] Blog post; changing in email, crypto policy, etc

2018-01-23 Thread Richard Levitte 
In message <8c351e82-600b-487e-aef3-a3f42cd23...@akamai.com> on Tue, 23 Jan 
2018 14:38:14 +, "Salz, Rich via openssl-dev"  
said:

openssl-dev> 
openssl-dev> ➢ For the lovers of NNTP: openssl-project has been added to 
news.gmane.org
openssl-dev> as gmane.comp.encryption.openssl.project as readonly list.
openssl-dev>   
openssl-dev> I will always have a fondness for NNTP :)

...  except for the trashing of the database disk(s) back in the days
if you're running a server...  (I did)  (on VMS ;-))

But yeah, totally agree otherwise

-- 
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] Blog post; changing in email, crypto policy, etc

2018-01-23 Thread Salz, Rich via openssl-dev 
➢ ah, true, I have those disabled because I use the same account for both my 
personal and my work projects so no single email address is correct for them

At least we figured out the confusion!

I have no good answer other than subject line filtering and forwarding, sorry.

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] Blog post; changing in email, crypto policy, etc

2018-01-23 Thread Hubert Kario 
On Tuesday, 23 January 2018 16:13:30 CET Salz, Rich wrote:
> ➢  github ones require me to go to the web 
> UI which is slow
> 
> I am confused by that.  When someone posts an issue or comment, I get the
> text emailed to me.  Not just openssl, but all projects I watch.
 
ah, true, I have those disabled because I use the same account for both my 
personal and my work projects so no single email address is correct for them

-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic

signature.asc
Description: This is a digitally signed message part.
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] Blog post; changing in email, crypto policy, etc

2018-01-23 Thread Salz, Rich via openssl-dev 
➢  github ones require me to go to the web 
UI which is slow

I am confused by that.  When someone posts an issue or comment, I get the text 
emailed to me.  Not just openssl, but all projects I watch.




-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] Blog post; changing in email, crypto policy, etc

2018-01-23 Thread Dr. Matthias St. Pierre 
On 23.01.2018 15:54, Hubert Kario wrote:
> On Tuesday, 23 January 2018 15:36:26 CET Salz, Rich wrote:
>> ➢ this feature sends notifications about _all_ conversations happening.
>> 
>> For me, I get the actual comments that are posted.  Don’t you?
> when I comment in an issue/PR or mark it as followed I'm getting only 
> messages 
> from that issue/PR
>
> when I mark project as followed I'm getting messages from all issues and all 
> PRs - likely dozens if not hundred messages a day

Have you checked Github > Settings > Emails > Email preferences ? 
Maybe yours are set to "Receive all emails"?

My settings are as follows:

   ( )  Receive all emails, except those I unsubscribe from.

   (*) Only receive account related emails, and those I subscribe to.

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] Blog post; changing in email, crypto policy, etc

2018-01-23 Thread Hubert Kario 
On Tuesday, 23 January 2018 15:36:26 CET Salz, Rich wrote:
> ➢ this feature sends notifications about _all_ conversations happening.
> 
> For me, I get the actual comments that are posted.  Don’t you?

when I comment in an issue/PR or mark it as followed I'm getting only messages 
from that issue/PR

when I mark project as followed I'm getting messages from all issues and all 
PRs - likely dozens if not hundred messages a day

> On the
> mailing list, you have to explicitly mark/junk conversation threads in your
> mail program.  You would still have to do that here.
 
> I don’t understand what you see as different?

that marking a conversation as ignored and going to next one is two key 
combinations and less than a second, github ones require me to go to the web 
UI which is slow, and if I have to view the issue because subject is ambiguous 
it takes ten times as long as it does when using email

email clients are designed to handle hundreds to thousands of messages a day, 
Github UI isn't

or to put it other way: github notifications are perfect if you are directly 
involved in the project, they suck if you just want to keep tabs on an active 
project
-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic

signature.asc
Description: This is a digitally signed message part.
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] Blog post; changing in email, crypto policy, etc

2018-01-23 Thread Salz, Rich via openssl-dev 

➢ For the lovers of NNTP: openssl-project has been added to news.gmane.org
as gmane.comp.encryption.openssl.project as readonly list.
  
I will always have a fondness for NNTP :)  But that reminds me to nudge the 
other mailing list distributors, and update the website.  Thanks!

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] Blog post; changing in email, crypto policy, etc

2018-01-23 Thread Salz, Rich via openssl-dev 
➢ this feature sends notifications about _all_ conversations happening.

For me, I get the actual comments that are posted.  Don’t you?  On the mailing 
list, you have to explicitly mark/junk conversation threads in your mail 
program.  You would still have to do that here.

I don’t understand what you see as different?

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] Blog post; changing in email, crypto policy, etc

2018-01-23 Thread Hubert Kario 
On Tuesday, 23 January 2018 15:22:13 CET Salz, Rich wrote:
> You should be able to just watch the openssl repo (the eyeball/watch notice
> in the upper-right side)

that's what I was talking about

this feature sends notifications about _all_ conversations happening.

> On 1/23/18, 7:00 AM, "Hubert Kario"  wrote:
> 
> On Friday, 19 January 2018 18:34:57 CET Salz, Rich via openssl-dev
> wrote:
> > There’s a new blog post at 
> > 
> > https://www.openssl.org/blog/blog/2018/01/18/f2f-london/
> 
> 
> 
> > We decided to increase our use of GitHub. In addition to asking that
> > all bug
> > reports and enhancement requests be reported as issues, we
> > now want all major code proposals to be discussed as issues before a
> > large pull request shows up. This will let the community discuss the
> > feature, offer input on design and such, before having code to look
> > at. We hope this will let us all first look at the bigger picture,
> > before getting bogged down in the weeds of line-by-line code reviews.
> 
> 
> does that mean I have to subscribe to all notifications from the openssl
> 
> github project to notice them? that's really suboptimal
> 
> -- 
> Regards,
> Hubert Kario
> Senior Quality Engineer, QE BaseOS Security team
> Web: www.cz.redhat.com
> Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic
> 


-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic

signature.asc
Description: This is a digitally signed message part.
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] Blog post; changing in email, crypto policy, etc

2018-01-23 Thread Jan Ehrhardt 
Salz, Rich via open ssl-dev in gmane.comp.encryption.openssl.devel
(Fri, 19 Jan 2018 17:34:57 +):
>- New mailing list openssl-project for project discussions

For the lovers of NNTP: openssl-project has been added to news.gmane.org
as gmane.comp.encryption.openssl.project as readonly list.
-- 
Jan

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] Blog post; changing in email, crypto policy, etc

2018-01-23 Thread Salz, Rich via openssl-dev 
You should be able to just watch the openssl repo (the eyeball/watch notice in 
the upper-right side)

On 1/23/18, 7:00 AM, "Hubert Kario"  wrote:

On Friday, 19 January 2018 18:34:57 CET Salz, Rich via openssl-dev wrote:
> There’s a new blog post at 
> https://www.openssl.org/blog/blog/2018/01/18/f2f-london/

> We decided to increase our use of GitHub. In addition to asking that all 
bug
> reports and enhancement requests be reported as issues, we now want all
> major code proposals to be discussed as issues before a large pull request
> shows up. This will let the community discuss the feature, offer input on
> design and such, before having code to look at. We hope this will let us
> all first look at the bigger picture, before getting bogged down in the
> weeds of line-by-line code reviews.

does that mean I have to subscribe to all notifications from the openssl 
github project to notice them? that's really suboptimal

-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] Blog post; changing in email, crypto policy, etc

2018-01-23 Thread Dmitry Belyavsky 
Hello,

On Tue, Jan 23, 2018 at 3:00 PM, Hubert Kario  wrote:

> On Friday, 19 January 2018 18:34:57 CET Salz, Rich via openssl-dev wrote:
> > There’s a new blog post at
> > https://www.openssl.org/blog/blog/2018/01/18/f2f-london/
>
> > We decided to increase our use of GitHub. In addition to asking that all
> bug
> > reports and enhancement requests be reported as issues, we now want all
> > major code proposals to be discussed as issues before a large pull
> request
> > shows up. This will let the community discuss the feature, offer input on
> > design and such, before having code to look at. We hope this will let us
> > all first look at the bigger picture, before getting bogged down in the
> > weeds of line-by-line code reviews.
>
> does that mean I have to subscribe to all notifications from the openssl
> github project to notice them? that's really suboptimal
>

Totally agree.


-- 
SY, Dmitry Belyavsky
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] Blog post; changing in email, crypto policy, etc

2018-01-23 Thread Hubert Kario 
On Friday, 19 January 2018 18:34:57 CET Salz, Rich via openssl-dev wrote:
> There’s a new blog post at 
> https://www.openssl.org/blog/blog/2018/01/18/f2f-london/

> We decided to increase our use of GitHub. In addition to asking that all bug
> reports and enhancement requests be reported as issues, we now want all
> major code proposals to be discussed as issues before a large pull request
> shows up. This will let the community discuss the feature, offer input on
> design and such, before having code to look at. We hope this will let us
> all first look at the bigger picture, before getting bogged down in the
> weeds of line-by-line code reviews.

does that mean I have to subscribe to all notifications from the openssl 
github project to notice them? that's really suboptimal

-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic

signature.asc
Description: This is a digitally signed message part.
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev