>> I did not say “no maintenance costs”. I said that I concur that the >> maintenance costs for such code would be minimal, which usually it is. >> >> I’m against “disabling by default”. Removing access to such code from libssl >> is OK, and the correct thing to do from the security point of view. Removing >> from libcrypto is bad, and enough people here explained why well enough to >> avoid repeating the reasons. > > Yes, but a several people (including me) disagree with you.
I know. > And one of the options that has been suggested is to keep the code but have it > disabled by default. I know. And I expressed my (negative) opinion of this option, which is better than completely wiping the code, but not by very much – as you correctly pointed out. Still, at least this way user wouldn’t have to chase down the source files of an old algorithm.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev