On 05/05/2015 01:21 AM, Matt Caswell wrote: > I am considering removing Kerberos support from OpenSSL 1.1.0. There are > a number of problems with the functionality as it stands, and it seems > to me to be a very rarely used feature.
I don't understand what it means to say the feature "seems" rarely used. Is there any actual evidence about the number and/or importance of uses? > I'm interested in hearing any > opinions on this (either for or against). Opinions are not a good substitute for actual evidence. This thread has revealed that some people on this list would prefer something else, but that leaves unanswered (and almost unasked) the question of whether Kerberos is actually being used. Personally I don't use it, but that does not come close to answering the question. A few moments of googling suggest that some people are using Kerberos in conjunction with openssl. For example: http://linuxsoft.cern.ch/cern/slc61/i386/yum/updates/repoview/krb5-pkinit-openssl.html > I plan to start preparing the patches to remove it next week. Why do we think that's worth the trouble? What evidence is there that removal won't cause problems? It's hard to prove a negative, and the recent discussions on this list don't even come close. I don't care about Kerberos directly, but it seems like a poor use of resources to worry about Kerberos while more pressing issues are left unaddressed. _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
