[fpc-devel] https support; call for testers

Tomas Hajny XHajT03 at hajny.biz
Thu May 1 18:21:49 CEST 2014 

On 1 May 14, at 17:52, Michael Van Canneyt wrote:
> On Thu, 1 May 2014, Tomas Hajny wrote:
> > On 1 May 14, at 16:36, Michael Van Canneyt wrote:
 .
 .
> >> Thanks for your addition.
> >> Definite proof that open source is still the best way for software development.
> >
> > Well, yes. Unfortunately, there's also a proof of certain open source
> > inefficiency if not following the open source approach fully (in
> > particular by forking the original source instead of pushing
> > improvements and extensions upstream). :-( The OpenSSL library
> > originally comes from Synapse. It was apparently forked by Ales
> > Katona back in 2006. Since then, different changes (fixes,
> > improvements and extensions) have been performed independently on
> > both sides. Would it be better if there's only one version containing
> > fixes from both projects (even if this version is located on two
> > different places)? Yes, of course, but noone takes care about this...
> > :-(
> 
> I had thought about this. In general, I try to take care of this concern,
> since it is my concern as well.

What do you mean that you try to take care? Will you try to re-align 
the two and e.g. send the latest improvements to Lukas Gebauer? I'm 
ready to test proper working of my OS/2 support related changes added 
earlier to Synapse once they get merged to the FPC tree. ;-)


> But do not forget that synapse is also meant to be compileable with Delphi.
> That complicates matters somewhat.

Yes, it does to certain level. However, it isn't so bad in my point 
of view:

1) I believe that Lukas would happily take care about maintaining 
compatibility of provided changes to other compilers.

2) I don't see a big issue with keeping support for other compilers 
inside a unit within the FPC tree as long as this part is maintained 
by someone else.

3) I believe that it shouldn't be difficult to avoid using constructs 
absolutely specific to FPC in a unit which was primarily meant as 
means for accessing and using OpenSSL library functionality.


 .
 .
> As a side note:
> I'm not really surprised to hear about the heartbleed bug: even C programmers 
> should get scared looking at the code. I was therefor glad to hear that the
> BSD team started on a rewrite (libreSSL). Maybe it will result in cleaner code.

Maybe. Or it is wishful thinking. ;-)

Tomas

More information about the fpc-devel mailing list