Commit d24a167

fixup! Add a policy for migration of algorithms to the legacy provider
1 parent 4592ed3 commit d24a167

1 file changed

+11
-8
lines changed

policies/legacy-migration.md

Lines changed: 11 additions & 8 deletions
@@ -1,19 +1,23 @@
11
# Legacy Provider Policy
2+
23
## Purpose
34
The Legacy Provider exists to create an opt-in availability mechanism for
45
algorithms that, for various reasons, should have their use discouraged. These
56
reasons include, but are not limited to:
7+
68
* Discovered security issues leaving the algorithm in question unsafe for
79
general use
10+
811
* Lack of popular use (i.e. balancing code size vs consumption frequency)
912

1013
OpenSSL recognizes that consumption of these algorithms may continue to be
1114
required by consuming applications after the conditions above have been
1215
recognized. The Legacy provider exists to provide a mechanism for such
13-
applications to continue to access these algorithms while allowing applications
14-
that don't require them to inadvertently continue to use them.
16+
applications to continue having access to these algorithms while preventing
17+
applications that don't require them from inadvertently using them.
1518

1619
## Constraints on moving an algorithm to the legacy provider
20+
1721
1) Migration of an algorithm to the legacy provider must occur on a semantically
1822
versioned major release boundary. Once a major release includes a given
1923
algorithm in a given provider, it must remain there for every minor release in
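
Review bot: The provider name is capitalized three different ways in this hunk: "Legacy Provider" in the title and the first Purpose sentence, "Legacy provider" in the rewritten paragraph ("The Legacy provider exists to provide a mechanism"), and "legacy provider" in the Constraints heading and item 1. Since this fixup is already rewording the paragraph, pick one form and apply it throughout the policy. The blank-line cleanup is also uneven: a blank line is added after the title and after the Constraints heading, but "## Purpose" is still followed directly by its first paragraph.
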
@@ -31,9 +35,8 @@ provider at any time. Removal from the Legacy provider should occur only on
3135
semantically versioned major release boundaries.
3236

3337
## Migration announcement mechanism
34-
Announcements of migrations from a source provider to the Legacy provider is
35-
made via the ALG-DEPRECATIONS.md file in the source code root directory for
36-
OpenSSL. This file will list the algorithm SN, NID, the date at which the
37-
deprecation was announced, and the date at which the algorithm was removed from
38-
the source provider
39-
38+
Announcements of migrations from the default provider to the Legacy provider is
39+
made via the DEPRECATIONS.md file in the source code root directory for
40+
OpenSSL. This file will list the algorithm SN, NID, the version in which the
41+
deprecation was announced, and the version in which the algorithm was removed
42+
from the source provider
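
Review bot: The terminology is inconsistent inside the rewritten paragraph: the first added line now says migrations are "from the default provider", but the last added line still says the algorithm was removed "from the source provider". Use the same term in both places, or say explicitly that the source provider is always the default provider. Two smaller points on the same lines: "Announcements of migrations ... is made" should read "are made", and the final sentence is missing its closing period. The heading "## Migration announcement mechanism" is also followed directly by the paragraph here, while the first hunk adds blank lines after other headings.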
