On 9/14/19 5:00 AM, Thiago Macieira wrote:
On Friday, 13 September 2019 00:12:44 PDT René J. V. Bertin wrote:
Ideally qt should be compatible for both. I understand this is not
doable ?
It's not doable.
Technically it seems that it should be possible when loading the SSL
libraries at runtime, no?
No. Loading the library is easy. Calling functions in it, with structures
whose sizes (and names) differ between versions is not.
At least deliver binaries for both, please.
That's one option we're studying, but that means you'll have to ask your
user when they download.
What about LibreSSL, do they have the same inter-version compatibility
issues as OpenSSL has, and could you distribute a binary version in your
binary packages? If so, it could be worth the initial investment to start
supporting it?
https://xkcd.com/927/
Thanks for the link Thiago. I really like the wind farm one on that page.
In the complete anarchy of OpenSource where 12 year old boys hacking in
the fly (AGILE) all vying to be the "maintainer" of some package in some
distro, no 2 versions of anything are _ever_ compatible. It's usually
off by far more than tweaks. Generally the 12 year old boys (no matter
how old the calendar says they are) declare "this code is sh*t, I'm
going to rewrite it from scratch!" So much for maintaining!
In the good and virtuous proprietary world, where products are created
and maintained by a single vendor looking to stay in business for
hundreds of years, backward compatibility is paramount. At most you will
have a few tweaks. VMS shell scripts (and many other things) ported from
VAX (32-bit) to Alpha (64-bit) to Itanium (completely worthless 64-bit)
and now to x86 with at most a couple of tweaks. The same is true for JCL
and COBOL programs created in the 1970s on the IBM System-36. They
ported to MVS and Z/OS with at most tiny tweaks. Some even claim they
cleanly moved to OS/400.
Please keep in mind there is no version of SSL which is secure. All you
are doing by using it is hanging a CLOSED sign on the unlocked door to a
jewelry store having $20 million in inventory sitting in the cases
without an alarm system.
Please also keep in mind the big systems are moving towards a TCP/IP
software appliance within the OS. No application will be able to create
or open a port. No application will be able to choose/define the
transport layer security. They will open a logical-resource-handle
provided by the OS and the systems manager will configure if that
resource is I, O, or I/O as well as what the transport level protocols
are. Eventually (within 5 years of adoption) this will be forced out
into the IoT and lesser devices world as well.
--
Roland Hughes, President
Logikal Solutions
(630)-205-1593
http://www.theminimumyouneedtoknow.com
http://www.infiniteexposure.net
http://www.johnsmith-book.com
http://www.logikalblog.com
http://www.interestingauthors.com/blog
_______________________________________________
Interest mailing list
Interest@qt-project.org
https://lists.qt-project.org/listinfo/interest
