2007/609 Alpine: Mail User Agent

James Carlson james.d.carlson at sun.com
Tue Oct 23 12:30:33 PDT 2007 

Gary Winiger writes:
> > Dependencies: OpenSSL
> 
> 	Nit.  I presume this is PSARC/2003/500 OpenSSL in /usr/sfw.
> 	(later moved to /usr) Doesn't it require a contract?

I've added a draft contract to the common contracts directory of
2003/500 as "contract-14", and symlink'd it to this case's materials.

Once the draft has had some time for review, I'll send it off for
signatures.  Here's a copy:


@(#)contract	1.6 @(#) /shared/sac/arcARC-Templates/contract [1.6 02/03/27]
#ident	"@(#)contract.txt	1.3	03/11/04 SMI"

	CONTRACT ALLOWING/REQUIRING SPECIAL ARRANGEMENTS FOR INTERFACES

0.  Number:  PSARC/2003/500

1.  This contract is between
	a SUPPLIER of INTERFACES and
	a CONSUMER of those INTERFACES,
    both of whom are entities within Sun Microsystems, Incorporated.

2.  The SUPPLIER (definer and/or implementor) is identified by the following:
    Product or Bundle:  Solaris WOS
    Consolidation: ON
    Department or Group: Solaris Security Technology Group (SSTG)
    Bugtraq Category/SubCategory: solaris/solaris-crypto/openssl
    Responsible Manager: Craig.Payne at Sun.COM
    Contact: contract-2003-500 at sun.com

3.  The CONSUMER is identified by the following:
    Product or Bundle:	Solaris WOS
    Consolidation:  SFW
    Department or Group:  Solaris Networking
    Bugtraq Category/SubCategory: solaris/consolidation/sfw
    Responsible Manager: Shantnu Sharma
    Packages: SUNWalpine
    Contact: sfw_eval at sun.com

4.  The INTERFACES are:

	SSL_CTX_ctrl				Volatile
	SSL_CTX_free				Volatile
	SSL_CTX_load_verify_locations		Volatile
	SSL_CTX_new				Volatile
	SSL_CTX_set_cipher_list			Volatile
	SSL_CTX_set_default_verify_paths	Volatile
	SSL_CTX_set_tmp_rsa_callback		Volatile
	SSL_CTX_set_verify			Volatile
	SSL_CTX_use_PrivateKey			Volatile
	SSL_CTX_use_RSAPrivateKey_file		Volatile
	SSL_CTX_use_certificate			Volatile
	SSL_CTX_use_certificate_chain_file	Volatile
	SSL_accept				Volatile
	SSL_ctrl				Volatile
	SSL_free				Volatile
	SSL_get_error				Volatile
	SSL_get_fd				Volatile
	SSL_get_peer_certificate		Volatile
	SSL_library_init			Volatile
	SSL_load_error_strings			Volatile
	SSL_new					Volatile
	SSL_pending				Volatile
	SSL_read				Volatile
	SSL_set_bio				Volatile
	SSL_set_connect_state			Volatile
	SSL_set_fd				Volatile
	SSL_shutdown				Volatile
	SSL_state				Volatile
	SSL_write				Volatile
	SSLv23_client_method			Volatile
	SSLv23_server_method			Volatile
	TLSv1_client_method			Volatile
	TLSv1_server_method			Volatile

	Package SUNWopenssl-libraries		Unstable
	Library link /usr/sfw/lib/libssl.so	Unstable

	/usr/sfw/include/openssl/*.h		Unstable


5.  The ARC controlling these INTERFACES is: PSARC

6.  The CASE describing these INTERFACES is: PSARC/2003/500

    Note: this contract is not about a specific version of OpenSSL. It covers
    version 0.9.7d from PSARC/2003/500 and all subsequent versions. If a
    change in the OpenSSL interfaces requires an update of the contract then
    OpenSSL iteam will contact the consumer.

7.  The following SPECIAL ARRANGEMENTS are made which modify the rules
    imposed by the stability levels listed in section 4 above:
 
_Y_ 7a. Although the stability level doesn't normally restrict it,
        SUPPLIER promises to only modify INTERFACES in an incompatible
	way as follows:

        The SUPPLIER will modify the interfaces as needed by the evolution
        of OpenSSL releases shipped by on the www.openssl.org site.

_N_ 7b. Although the stability level doesn't normally allow it, CONSUMER will
        expose INTERFACES to a PARTNER, which is external to Sun, namely:
		Name of Company:
		Name of Department or Group within Company:
		Responsible Manager:

_Y_ 7c. Although the stability level doesn't normally allow it, CONSUMER will
        import INTERFACES from a separate consolidation.

        This contract is only avaliable for CONSUMERS who deliver directly
        to the Solaris WOS.

        If a contract for a CONSUMER who is not part of the Solaris WOS is
        requested it will be dealt with by ARC and the SUPPLIER as a new
        contract.

_Y_ 7d. If SUPPLIER decides to change (including replace or remove) any
	portion of the INTERFACES, SUPPLIER will notify CONSUMER of the
	proposed new version, no later than the application for ARC
	approval of the new version.
	If SUPPLIER and CONSUMER are contained in the same
	consolidation, they will have simultaneous conversion to the
	new interfaces.
	The SUPPLIER will make a best effort to do most of the work, but
	the CONSUMER must be willing to supply resources to assist with
	modification/testing of their consuming code if necessary.

	Only a single version of the INTERFACES will be available at any
	one time.

8. If CONSUMER requires changes in INTERFACES, they must work with the
   OpenSSL communittee.  The SUPPLIER is willing to assist with this
   process on a best effort to accommodate such changes.
   In general INTERFACE changes will not be made unless they come from
   the OpenSSL communittee.

9. N/A

10. SUPPLIER and CONSUMER agree that evolution of INTERFACES shall be
    handled as follows:

    The SUPPLIER will update the OpenSSL code base in the ON consolidation
    on an as needed basis.  The trigger for these events is based on the
    externally defined schedule of the OpenSSL communittee.

    The SUPPLIER will inform the CONSUMER(S) of this change via the
    contract alias before filing the RTI for integration into ON.

    Note that it may be necessary to update INTERFACES (or more likely
    the implementations of them) with less than 5 working days notice.

11. SUPPLIER and CONSUMER agree that INTERFACES will be supported as
    follows:

    The SUPPLIER will NOT provide any assistance for use of the interfaces
    they are Externally defined and the SUPPLIER is not necessarily an
    expert in their use.

12. SUPPLIER and CONSUMER agree that INTERFACES will be documented as
    follows:

    The only documentation will be that provided by the OpenSSL
    communittee, it will be shipped in the SUNWopenssl-man package
    in the form of Solaris nroff man pages.

13. SUPPLIER and CONSUMER agree that changes to the INTERFACES will be
    tested as follows:

    Before each intergration the OpenSSL test suites will be run.  The
    standard for "PASS" is that the version in the ON gate should produce
    the same functionality as binaries built using the OpenSSL makefiles
    for the same processor architecture.

14. SUPPLIER and CONSUMER agree that this contract can be terminated as
    follows:

    The CONSUMER may choose to terminate this contract at any time by
    sending email to the contract-2003-500 at sun.com alias.

    The SUPPLIER may terminate this contract only after giving suffient
    notice to the CONSUMER.   Sufficient notice in the case of CONSUMERS
    that are external to the ON consolidation must take into account the
    Solaris WOS build schedule and its restrictions for change.

    The SUPPLIER will terminate this contract if the interfaces
    are ever reclassified to something other than External.

15. This contract is not valid until "signed" via agreement from the
    SUPPLIER and CONSUMER, and approved by the ARC CASE referenced by
    this contract.  E-mail agreement to the contract should be archived
    in the mail archive of CASE; verbal agreement to the contract
    should be noted in the meeting minutes.  This contract remains
    valid until superseded or invalidated.

For SUPPLIER:			Date:
For CONSUMER:			Date:
For ARC:			Date:

    A copy of this contract shall be deposited in the CASE directory as
    "contract-<digits>" or in a "contracts" subdirectory.

16. (Not to be filled in until superseded or invalidated.)
    This contract was superseded or invalidated by CASE:
    For ARC:			Date:

More information about the opensolaris-arc mailing list