Hi Emmanuel,

Emmanuel Deloget wrote on Fri, Jun 23, 2017 at 12:26:47AM +0200:

> * the openssl team has no real incentive to propose a shim;

If major application projects refuse to support their new release,
thus putting pressure on operating system distributions to not
completely switch to 1.1 either, that is not an incentive?

> Did I miss something?

Maybe you are striving for the wrong goal.

It is not a goal to clobber something together and encourage OpenSSL
to repeat such recklessness in the future, and leave users out in
the rain once again.

It is not a goal either to create a shim that is not officially
audited and thoroughly tested by the original authors who know
their original code best, to create a shim that creates additional
dangers for security. We are talking about security software here,
so this is not the place at all to lightly cobble something together,
in particular not in ways involving many lines of additional code.

If a few important projects keep up resistance and refuse support
for 1.1 until OpenSSL rolls up their sleeves and fixes the mess
they have created, maybe they will eventually realize that they
started a job here, wandered off half-way, and failed to ever
properly finish it. So, such resistance has a chance to improve
the situation for everybody.

And I can't think of many projects that are in as widespread use
as OpenSSH, and hence can be more valuable with respect to such
resistance.

Just my personal 2 cents, yours,
  Ingo
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev