[Info-vax] OpenSSL CSWS-2.2-1
Robert A. Brooks
FIRST.LAST at vmssoftware.com
Sat Apr 6 20:17:43 EDT 2019
On 4/6/2019 6:54 PM, terry-groups at glaver.org wrote:
> On Saturday, April 6, 2019 at 1:24:05 PM UTC-4, Stephen Hoffman wrote:
>> The current OpenVMS CSWS version is based on Apache HTTP Server V2.4-38.
>
> Is it really that up-to-date? I'd be amazed. A Google search for "OpenVMS
> CSWS" leads me to
> https://support.hpe.com/hpsc/doc/public/display?docId=a00058394en_us which
> says it is based on Apache 2.0.65, and took apparently nearly a year and a
> half (based on June 2013 release date from the Apache Foundation and an
> October 2014 date on the HP release notes).
We (VSI) have a much more current version of Apache, although I'd be
hard-pressed to tell you what that is. I suspect the version that Steve
referred to is ours.
> The three things I think HP got wrong (and Compaq and DEC before them) are:
> 1) Thinking that "port once and done" is a workable solution, and when they
> find out it isn't, making another "port once and done" effort. This is
> something that needs to continuously track the upstream branch.
We are not going the DEC/CPQ/HP way. We've got a group of people
who are dedicated to open source work. The current big effort is with Samba.
I'm pretty sure that OpenSSL V1.1.1 is also underway.
> 2) Assigning (apparently) arbitrary version numbers instead of using the
> upstream version number (possibly with a suffix like "-VMS1", "-VMS2", etc.
> if multiple VMS releases against the same upstream version are needed (which
> shouldn't happen if the upstream releases are being tracked regularly).
In general, I didn't think we are doing that, although the "-Q" above confuses
me. Then again, I know very little about our open source work.
> 3) Producing incompatible releases of various upstream packages that are
> supposed to work together. I've read many posts where people say that package
> A requires OpenSSL X, but package B requires OpenSSL Y which has a different
> API than OpenSSL X.
I do know that we are pretty good at documenting requirements and restrictions,
and ensuring that they are accurate.
--
-- Rob
More information about the Info-vax
mailing list