In message <[email protected]> on Sat, 22 Sep 2018 07:59:55 +0200 (CEST), Richard Levitte <[email protected]> said:
> So far, we've basically seen two proposed solutions to the problem:
> ...
>
> - the other goes to the semantics of the encoded version number
>   according to documentation in opensslv.h and pod and drops the bits
>   that don't correspond to semantic versioning.  This will require
>   those that check for compatibility to change their mask to match.
>   In essence, openssh will have to introduce something like this:
>
>       if (headerver >= 0x20000000L)
>           mask = 0xf0000000L;
>
>   ... and adjust their lfix and hfix masks to match.

After writing this, I caught up on Tim's last post on the matter, and
this caught my eye:

tim> And the logical test there remains valid in that it detects all
tim> incompatible versions correctly - what changes is that some
tim> versions that are compatible are seen as incompatible - but that
tim> is an incorrect interpretation that is safe.

The brutal interpretation is "yeah ok, them guys are a bit overly
cautious / paranoid, but it's not a real problem vis-à-vis
compatibility, so uhmm *shrug*".

Put like that, it does resolve at least my concern.  It will mean that
those who use a mask that covers a bit more than just the major
version number will get to rebuild their application a bit more often
than absolutely necessary (as long as we stick to the social contract
we make), until they adapt their checking.  It doesn't actually break
anything.  This is something I can go with.

Cheers,
Richard

-- 
Richard Levitte         [email protected]
OpenSSL Project         http://www.openssl.org/~levitte/
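The fail-safe property discussed in this message, as an added example that is not part of the original post and is not OpenSSH or OpenSSL code: a check whose mask covers more than the major version can reject compatible pairs but never accepts a pair with a different major version. The wider mask value `0xfff0000f`, the function names and the sample version numbers are assumptions constructed for illustration.

```c
#include <stdio.h>

/* Assumed wider mask: major, minor and status nibbles (not from the post). */
#define WIDE_MASK  0xfff0000fUL
/* Major-only mask from the quoted snippet. */
#define MAJOR_MASK 0xf0000000UL

/* Caller that has not adapted: compares more than the major version. */
int compat_wide(unsigned long headerver, unsigned long libver)
{
    return (headerver & WIDE_MASK) == (libver & WIDE_MASK);
}

/* Caller adapted as in the quoted snippet: major only from 0x20000000. */
int compat_adapted(unsigned long headerver, unsigned long libver)
{
    unsigned long mask = WIDE_MASK;

    if (headerver >= 0x20000000UL)
        mask = MAJOR_MASK;
    return (headerver & mask) == (libver & mask);
}

/* Constructed sample values, not real release numbers. */
static const unsigned long samples[] = {
    0x20000000UL, 0x20100000UL, 0x2010000fUL,
    0x20f00000UL, 0x30000000UL, 0x30200000UL,
};
#define NSAMPLES (sizeof samples / sizeof samples[0])

/* Count ordered (header, library) pairs with the given pair of verdicts. */
static int count_pairs(int want_wide, int want_adapted)
{
    int n = 0;
    for (size_t h = 0; h < NSAMPLES; h++)
        for (size_t l = 0; l < NSAMPLES; l++)
            if (compat_wide(samples[h], samples[l]) == want_wide &&
                compat_adapted(samples[h], samples[l]) == want_adapted)
                n++;
    return n;
}

/* Wide check says "compatible" although the major version differs. */
int unsafe_accepts(void)   { return count_pairs(1, 0); }
/* Wide check says "incompatible" although the major version matches. */
int needless_rejects(void) { return count_pairs(0, 1); }

int main(void)
{
    printf("unsafe accepts:   %d\n", unsafe_accepts());
    printf("needless rejects: %d\n", needless_rejects());
    return 0;
}
```

Because every bit of the major-only mask is also set in the wider mask, a match under the wider mask implies a match on the major version, so the first count is zero for any input set.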
