So I disagree, it is a bug when it is not constant time.
On 3/26/20 8:26 PM, Tim Hudson wrote: > +1 for a release - and soon - and without bundling any more changes. The > circumstances justify getting this fix out. But I also think we need to > keep improvements that aren't bug fixes out of stable branches. > > Tim. > > On Fri, 27 Mar 2020, 3:12 am Matt Caswell, <[email protected]> wrote: > >> On 26/03/2020 15:14, Short, Todd wrote: >>> This type of API-braking change should be reserved for something like >>> 3.0, not a patch release. >>> >>> Despite it being a "incorrect", it is expected behavior. >>> >> >> Right - but the question now is not whether we should revert it (it has >> been reverted) - but whether this should trigger a 1.1.1f release soon? >> >> Matt >> >>> -- >>> -Todd Short >>> // [email protected] <mailto:[email protected]> >>> // “One if by land, two if by sea, three if by the Internet." >>> >>>> On Mar 26, 2020, at 11:03 AM, Dr. Matthias St. Pierre >>>> <[email protected] <mailto:[email protected]>> >>>> wrote: >>>> >>>> I agree, go ahead. >>>> >>>> Please also consider reverting the change for the 3.0 alpha release as >>>> well, see Daniel Stenbergs comment >>>> https://github.com/openssl/openssl/issues/11378#issuecomment-603730581 >>>> < >> https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_openssl_openssl_issues_11378-23issuecomment-2D603730581&d=DwMGaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=QBEcQsqoUDdk1Q26CzlzNPPUkKYWIh1LYsiHAwmtRik&m=87AtfQDFl1z9cdRP12QeRUizmgnW6ejbufNT40Gip4Q&s=djWoIIXyggxwOfbwrmYGrSJdR5tWm06IdzY9x9tDxkA&e= >>> >>>> >>>> Matthias >>>> >>>> >>>> *From**:* openssl-project <[email protected] >>>> <mailto:[email protected]>> *On Behalf Of *Dmitry >>>> Belyavsky >>>> *Sent:* Thursday, March 26, 2020 3:48 PM >>>> *To:* Matt Caswell <[email protected] <mailto:[email protected]>> >>>> *Cc:* [email protected] <mailto:[email protected]> >>>> *Subject:* Re: 1.1.1f >>>> >>>> >>>> On Thu, Mar 26, 2020 at 5:14 PM Matt Caswell <[email protected] >>>> <mailto:[email protected]>> wrote: >>>> >>>> The EOF issue (https://github.com/openssl/openssl/issues/11378 >>>> < >> https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_openssl_openssl_issues_11378&d=DwMGaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=QBEcQsqoUDdk1Q26CzlzNPPUkKYWIh1LYsiHAwmtRik&m=87AtfQDFl1z9cdRP12QeRUizmgnW6ejbufNT40Gip4Q&s=MAiLjfGJWaKvnBvqnM4fcyvGVfUyj9CDANO_vh4wfco&e= >>> ) >>>> has >>>> resulted in us reverting the original EOF change in the 1.1.1 branch >>>> (https://github.com/openssl/openssl/pull/11400 >>>> < >> https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_openssl_openssl_pull_11400&d=DwMGaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=QBEcQsqoUDdk1Q26CzlzNPPUkKYWIh1LYsiHAwmtRik&m=87AtfQDFl1z9cdRP12QeRUizmgnW6ejbufNT40Gip4Q&s=3hBU2pt84DQlrY1dCnSn9x1ah1gSzH6NEO_bNRH-6DE&e= >>> ). >>>> >>>> Given that this seems to have broken quite a bit of stuff, I propose >>>> that we do a 1.1.1f soon (possibly next Tuesday - 31st March). >>>> >>>> Thoughts? >>>> >>>> >>>> I strongly support this idea. >>>> >>>> -- >>>> SY, Dmitry Belyavsky >>> >> >
