This is the mail archive of the ecos-discuss@sourceware.org mailing list for the eCos project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Re: On Porting OpenSSL v1.0.0c


* John Dallaway <john@dallaway.org.uk> wrote:
> Mark, was there much effort involved in updating Andrew Lunn's original
> port of OpenSSL v0.9.6b? The version numbering suggests no major changes.

There were an awful lot of changes; that range spans almost nine
years of development. See http://www.openssl.org/news/changelog.html
for full details.  (BTW, OpenSSL release numbering doesn't follow the
traditional major.minor.patch inaming scheme; it might be better described
as major.submajor.minor[patch].)

By the way, 0.9.8o is the subject of two recent security advisories;
anybody using it in a real project ought to upgrade to 0.9.8q or at
the very least read the advisories carefully and consider applying the
patches given within. (Indeed, anybody using OpenSSL in a real project
ought at the very least to subscribe to openssl-announce.)


> Does anyone have up-to-date information (with reference) on the
> restrictions for hosting this class of cryptographic source code on a
> publically-accessible server located in the United States?

The Debian project researched the situation a few years ago - with legal
assistance - and consequently decided to integrate crypto with their
main distribution, jump through a few hoops to notify the US government
about it, and stop maintaining their non-US crypto download site.
http://www.debian.org/legal/cryptoinmain has information.


Ross

-- 
Before posting, please read the FAQ: http://ecos.sourceware.org/fom/ecos
and search the list archive: http://ecos.sourceware.org/ml/ecos-discuss


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]