Subject: Re: client-side only vs. libssh?

Re: client-side only vs. libssh?

From: Daniel Stenberg <>
Date: Sat, 23 Jan 2010 09:00:35 +0100 (CET)

On Sat, 23 Jan 2010, Aris Adamantiadis wrote:

> While you are at it, I am thinking about that "libssh2 vs libssh" page [1]
> which is disturbing me since a good time.

I'm happy to correct all flaws and errors existing there. I've been open about
that page since day 1 to get help to make it better.

> -"not threadsafe": libssh is as much threadsafe as libssh2, in the sense that
> all operations made on different sessions are threadsafe. That is consistent
> with "Thread-safe: just don't share handles simultaneously" on
> front page[3].

I based that on comments in your mails/documentation. I'll update.

> -"Some limitations on >4gb files": Not any that I am aware of. Could you
> explain what's actually lacking in libssh 0.4 ? There is a sftp_seek64 call
> which takes a uint64_t parameter. That function exists since 0.3 released
> one year ago.[4]

First, the page says it compares against libssh 0.3 so details in 0.4 would of
course not be covered. I based this on the API/docs/source and it claimed
this. But with your feedback here I can update that to say it is a comparison
against 0.4. Thanks!

> -"Optional libgcrypt support": there is full libgcrypt support in libssh
> since 0.2 release, which was released at least 4 years ago. The support for
> libgcrypt is written in plain text in the "about" page of our site, 3 lines
> before the "thread safety" claims.[5]

Updated. Your site is entirely different compared to when I checked this. I
actually checked for the gcrypt support even in the source then AFAIR but I
must've simply missed it.

> -Speed claims: Please don't be ridiculous. No competent network developer
> will take you seriously when you tell that libssh2 is 2.3 times faster that
> libssh.

I did my tests and I presented what I did and I showed the results. Again,
nobody else (including you) have argued or discussed them with me. I do not
claim to have done any thorough and extensive tests but I did check the code
and it looked like they were roughly comparable.

I guess that makes me "no competent network developer".

> I am saying that it's ridiculous to make precise speed claims out of that
> single biased test.

They were not "precise" and all tests done by me will be biased.

> I do not discuss the license of libssh and the blocking issues. These are
> real and will hopefully be resolved in next major libssh release.

Are you considering to change the license?

> I think a bit of competition in opensource is fair and leads to innovation

In this particular case, I'm far from convinced that this competition is good.
We're making two separate and roughly comparable libs, both free and open with
roughly the same purpose. I'd say we're dividing our efforts on two places
instead of putting them all in one place...

Thanks for all the corrections and clarifications!

Received on 2010-01-23