On 19 November 2015 at 16:56, Blumenthal, Uri - 0553 - MITLL <u...@ll.mit.edu > wrote:
> Heh. I actually tested building all releases of openssl after 0.9.7 a few
> months back - several refuse to build with the default options on 64 bit.
> In addition my experience shows that compilers get stricter over time, so
> old code will generally need changes to work with newer compilers (even when
> you're only talking over a relatively short period such as 5 years). Now if
> this code were included in openssl but disabled by default then these
> problems would exist but simply be hidden until someone tried to use it.
> Given the user would then have to fix them (since no one else cares about
> their favourite dead algorithm) I don't really see what advantage having
> the code in the main tree offers.
>
>
> I did not say “no maintenance costs”. I said that I concur that the
> maintenance costs for such code would be *minimal*, which usually it is.
>
> I’m against “disabling by default”. Removing access to such code from
> libssl is OK, and the correct thing to do from the security point of view.
> Removing from libcrypto is bad, and enough people here explained why well
> enough to avoid repeating the reasons.
>

Yes, but several people (including me) disagree with you. And one of the
options that has been suggested is to keep the code but have it disabled by
default.

Rich.
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev