Hi,

On 13/11/15 17:08, stefan.n...@t-online.de wrote:
>> We are considering removing from OpenSSL 1.1 known broken
>> or outdated cryptographic primitives.
> [...]
>> My preference would be to remove these algorithms completely
>> (as in, delete the code).
>
> From the formal[istic] point of view, I'd suggest to follow the way
> many libraries use for API changes, i.e. to only remove the
> algorithms that currently are already disabled by default and only
> disable the rest (clearly stating the intention of removing them in
> the next release), but still keep it for now. So users get a fair
> warning and a timeframe for "fixes", before things are finally
> removed.

I strongly agree with this. Not every OpenSSL user reads the openssl-dev mailing list (nor -announce). I have been bitten by this in the past in other FOSS projects which only solicited comments from mailing list readers.

Disabling (and deprecating) them achieves most of the desired effect anyway as it makes it trivial to identify which bits to remove later on.

Jifl
--
eCosCentric Limited http://www.eCosCentric.com/ The eCos experts
Barnwell House, Barnwell Drive, Cambridge, UK. Tel: +44 1223 245571
Registered in England and Wales: Reg No 4422071.
------["Si fractum non sit, noli id reficere"]------ Opinions==mine