I think that option 2 could work well for our team. I don't think we need the Xalan support, but I have to research that a bit more. Even if we did then we could refactor our code or just maintain a copy of the code in our own repo. The reason that I'd vote for this is that RHEL9 is already released and I am not sure if Santuario 2.0.4 has been built and tested by anyone for RHEL9. The migration from RHEL7 to RHEL8 was not particularly easy for us, mostly due to issues with openssl on RHEL8 having breaking API changes. I think RHEL9 uses a variant of OpenSSL 3.x which Santuario 2.0.4 is already compatible with.
Has anyone already migrated to RHEL9 and confirmed that Santuario 2.0.4 builds and runs on that platform? Meanwhile I've forwarded the original email to the rest of my team to consult with them on what they'd prefer we do. Unfortunately I only know the bare minimum of how this library is used in our software and I do not have a good enough understanding of SSL or the capabilities provided by this library to contribute much to the project. I could certainly contribute some testing and evaluation time when new versions are produced. Thanks, Shawn Fox -----Original Message----- From: Cantor, Scott <[email protected]> Sent: Monday, February 26, 2024 6:13 AM To: [email protected] Subject: Re: Public discussion on future of C++ library External Email Alert This email has been sent from an account outside of the BAE Systems network. Please treat the email with caution, especially if you are requested to click on a link, decrypt/open an attachment, or enable macros. For further information on how to spot phishing, access “Cybersecurity OneSpace Page” and report phishing by clicking the button “Report Phishing” on the Outlook toolbar. > As you are the sole maintainer, IMO it's your decision to make. > Personally I'd be fine with Option (2), but are you willing to > maintain the code, review any rare patches submitted, release > sporadically etc.? Otherwise I think it's time to archive the project. I'm willing for a few years (once it's been trimmed down), after that I will be off the code base. So yes, it's at most buying a few more years of a slimmed down version and then it would have to be handed off or archived then. I'll give more people a chance to weigh in if they care, but given the short shelf life involved, I'm leaning towards saying we should archive it. -- Scott
