Update: this post contains a claim that Chia did not properly test the release on Windows. It turns out that is not true, and I conducted my own tests with 1.3.2 on Windows and came to the same conclusion they made when doing the release – that OpenSSL was fixed. You can see that here.
Chia has re-issued an update attempting to address the OpenSSL vulnerability that caused their last release. It appears that in Windows and MacOS there were separate issues when it came to updating OpenSSL on client machines. The Chia-blockchain 1.3.3 release should fix this.
Personally I find this to be one of the issues when building to OpenSSL on Windows instead of a version leveraging CryptoAPI natively. A lot of their users are on Windows, and if Chia plans on expanding to the rest of the world then they will need to start treating Windows as a first party operating system. One of the reasons I still run my farm on Windows, while all the rest of my home lab infrastructure runs on various flavours of *nix, is because I am pretty confident if I am going to find a major breaking bug its going to be on their Windows version. None of them use it internally (that I am aware of) and the Chia team has admitted to not testing it as robustly. That should change.
Edit: According to comments by Gene Hoffman on Keybase, the SSL issue was a Python for Windows dependency, not a Chia one which makes sense. So the comments about leveraging CryptoAPI rather than OpenSSL for windows is likely aimed at them and not Chia Network.
That no one on the Chia team uses or even “robustly” tests their Windows client is both discouraging and unsurprising. A recent Reddit poll of the OS used for Chia showed 397 of 747 or 53.1% used Windows vs. 42.4% using some version of Linux. A small sample, but telling. The devs need to up their game on testing software and consider who is supporting their project vs. focusing on their favorite platform.
Rolle, I’m on the team and run a couple of Windows harvesters, but the majority of my farm is on Ubuntu.