Hi Anton,
thank you for the patches. I have committed the CL+SSL patch both upstream and in my repository.
For the session secret update:
- The name *SESSION-SECRETIZER* really does not cut it. I would suggest that *SESSION-SECRET-SALT* is more suitable. - The docstring and documentation file should be clear about the expected datatype of the variable (string?) - I don't like the warning if the only way to set up the salt is setting the special variable. - Maybe it would be better to supply the concerned user with a way to override the ENCODE-SESSION-STRING function instead of having them mess with the internals of the current session secret encoding function.
I would like to know what Edi thinks about this before committing this or any other patch to the repository.
-Hans