From d24a1678e29e478090a9fa7ea53f5516e5815882 Mon Sep 17 00:00:00 2001 From: Neil Horman Date: Tue, 23 Apr 2024 11:16:13 -0400 Subject: [PATCH] fixup! Add a policy for migration of algorithms to the legacy provider --- policies/legacy-migration.md | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/policies/legacy-migration.md b/policies/legacy-migration.md index a812f1f..41f2f0a 100644 --- a/policies/legacy-migration.md +++ b/policies/legacy-migration.md @@ -1,19 +1,23 @@ # Legacy Provider Policy + ## Purpose The Legacy Provider exists to create an opt-in availability mechanism for algorithms that, for various reasons, should have their use discouraged. These reasons include, but are not limited to: + * Discovered security issues leaving the algorithm in question unsafe for general use + * Lack of popular use (i.e. balancing code size vs consumption frequency) OpenSSL recognizes that consumption of these algorithms may continue to be required by consuming applications after the conditions above have been recognized. The Legacy provider exists to provide a mechanism for such -applications to continue to access these algorithms while allowing applications -that don't require them to inadvertently continue to use them. +applications to continue having access to these algorithms while preventing +applications that don't require them from inadvertently using them. ## Constraints on moving an algorithm to the legacy provider + 1) Migration of an algorithm to the legacy provider must occur on a semantically versioned major release boundary. Once a major release includes a given algorithm in a given provider, it must remain there for every minor release in 
@@ -31,9 +35,8 @@ provider at any time. Removal from the Legacy provider should occur only on semantically versioned major release boundaries. ## Migration announcement mechanism -Announcements of migrations from a source provider to the Legacy provider is -made via the ALG-DEPRECATIONS.md file in the source code root directory for -OpenSSL. This file will list the algorithm SN, NID, the date at which the -deprecation was announced, and the date at which the algorithm was removed from -the source provider - +Announcements of migrations from the default provider to the Legacy provider is +made via the DEPRECATIONS.md file in the source code root directory for +OpenSSL. This file will list the algorithm SN, NID, the version in which the +deprecation was announced, and the version in which the algorithm was removed +from the source provider
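Review bot: In the first hunk (Purpose section), the rewritten sentence still writes "The Legacy provider" while the file heading uses "Legacy Provider" and the Constraints heading uses "legacy provider". Since this fixup already touches these lines, pick one capitalization and apply it to the headings and the body text alike. The corrected wording ("preventing applications that don't require them from inadvertently using them") otherwise reads as intended.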
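Review bot: In the second hunk (Migration announcement mechanism), the new first line keeps a subject-verb disagreement: "Announcements of migrations from the default provider to the Legacy provider is made" should read "are made". The paragraph now names "the default provider" as the origin in its first line but still ends with "removed from the source provider", so use the same term in both places, or state explicitly that providers other than the default can be a source. The last added line also ends without a period, and expanding SN and NID on first use would help readers who come to this policy without knowing the object naming conventions.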