On 3/16/2010 4:53 PM, Kees Dekker wrote: >>> * I saw a lot of NT4 code. >> >> What NT4 code? You must be referring to _WIN32_WINNT macro >> sometimes set >> to 0x400. It does not denote NT4-specific code, it denotes >> that NT4 is >> required *minimum*. Meaning that it targets *all* Windows versions >> *past* 4: 2000, XP, 2003, Vista, 2008, 7, etc. > > Example: rand_win.c, check on osverinfo.dwMajorVersion < 5 (i.e. NT4). > And all places, using GetVersion() >= 0x80000000 points to Win9x code. > But, please ignore this remark. My key point is the dependency to user32.dll. > Sorry for causing confusion.
It is past time to deprecate all 9x and NT support, but I expect we will only see this occur in OpenSSL 1.0.0 (in which case, deprecating 2000 is equally valid, since Extended Support for Windows 2000 Server and Windows 2000 Professional ends on July 13, 2010). These machines are toxins when connected to a public internet due to known security flaws, we must go on the assumption that the typical user/operator does not know how to/does not go to the trouble to disable unused services. As a security layer provider, OpenSSL project would obviously be much more attentive to such issues than a typical open source project. Therefore Windows XP/2003 as a baseline, going forwards is completely reasonable. I realize this is a tangent of the original report, but its certainly legitimate. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
