[Interest] Qt 5.9 and OpenSSL 1.1?
roland at logikalsolutions.com
Sat Sep 14 14:53:54 CEST 2019
On 9/14/19 5:00 AM, Thiago Macieira wrote:
> On Friday, 13 September 2019 00:12:44 PDT René J. V. Bertin wrote:
>>>> Ideally qt should be compatible for both. I understand this is not
>>>> doable ?
>>> It's not doable.
>> Technically it seems that it should be possible when loading the SSL
>> libraries at runtime, no?
> No. Loading the library is easy. Calling functions in it, with structures
> whose sizes (and names) differ between versions is not.
>>>> At least deliver binaries for both, please.
>>> That's one option we're studying, but that means you'll have to ask your
>>> user when they download.
>> What about LibreSSL, do they have the same inter-version compatibility
>> issues as OpenSSL has, and could you distribute a binary version in your
>> binary packages? If so, it could be worth the initial investment to start
>> supporting it?
Thanks for the link Thiago. I really like the wind farm one on that page.
In the complete anarchy of OpenSource where 12 year old boys hacking in
the fly (AGILE) all vying to be the "maintainer" of some package in some
distro, no 2 versions of anything are _ever_ compatible. It's usually
off by far more than tweaks. Generally the 12 year old boys (no matter
how old the calendar says they are) declare "this code is sh*t, I'm
going to rewrite it from scratch!" So much for maintaining!
In the good and virtuous proprietary world, where products are created
and maintained by a single vendor looking to stay in business for
hundreds of years, backward compatibility is paramount. At most you will
have a few tweaks. VMS shell scripts (and many other things) ported from
VAX (32-bit) to Alpha (64-bit) to Itanium (completely worthless 64-bit)
and now to x86 with at most a couple of tweaks. The same is true for JCL
and COBOL programs created in the 1970s on the IBM System-36. They
ported to MVS and Z/OS with at most tiny tweaks. Some even claim they
cleanly moved to OS/400.
Please keep in mind there is no version of SSL which is secure. All you
are doing by using it is hanging a CLOSED sign on the unlocked door to a
jewelry store having $20 million in inventory sitting in the cases
without an alarm system.
Please also keep in mind the big systems are moving towards a TCP/IP
software appliance within the OS. No application will be able to create
or open a port. No application will be able to choose/define the
transport layer security. They will open a logical-resource-handle
provided by the OS and the systems manager will configure if that
resource is I, O, or I/O as well as what the transport level protocols
are. Eventually (within 5 years of adoption) this will be forced out
into the IoT and lesser devices world as well.
Roland Hughes, President
More information about the Interest