On 16.03.2018 at 13:20, Eric Covener wrote:
> On Fri, Mar 16, 2018 at 8:07 AM, Rainer Jung <rainer.j...@kippdata.de> wrote:
>> Last time we had the discussion was 2010/2011.
>> We might increase minimum OpenSSL version for everything newer than 2.4.x to
>> OpenSSL 1.0.1.
>> I think RHEL 6 and SLES11 both provide OpenSSL 1.0.1 at least as an
>> alternative. RHEL 7 and SLES 12 still seem to be at 1.0.1 (at least without
>> service pack). I do not know about BSD and others.
>> Of course increasing the minimum requirement to 1.0.1 makes backports a bit
>> more risky. On the other hand I think our support promise for old OpenSSL is
>> probably no longer true, because likely almost nobody will test anything
>> newer than 2.4.x with OpenSSL 0.9.8, 0.9.9 or 1.0.0. The same statement
>> might hold for 2.4.x, but there we are bound due to our support for older
>> platforms.
>> Do we have more data points? Opinions about increasing to 1.0.1?
> I prefer to see it bumped in 2.4 with 1-2 year window.
... and wait with a dependency bump for 2.6+ also 1-2 years? Or do it
there earlier?
On 16.03.2018 at 13:34, Yann Ylavic wrote:
> As already said on the other thread...
>
> On Fri, Mar 16, 2018 at 1:07 PM, Rainer Jung <rainer.j...@kippdata.de> wrote:
>>
>> Do we have more data points? Opinions about increasing to 1.0.1?
>
> +1, and while at it I think we should even require 1.0.2 (if
> possible) since 1.0.1 is no longer supported at OpenSSL.
> Per: https://www.openssl.org/policies/releasestrat.html
On 16.03.2018 at 13:44, Eric Covener wrote:
> Although I personally have no need with $bigco hat on (no
> openssl/mod_ssl here) I would not want to go too far and make life
> overly difficult for maintainers who are several years into some
> long/complicated support lifecycle. Not that I know 1.0.2 is somehow
> problematic or anything.
It seems that RHEL supports 1.0.2 starting with 7.4. I did not find any
1.0.2 info for SLES 12, it seems they are still at 1.0.1. So I would
slightly prefer increasing to 1.0.1 for trunk soon and I would be OK
with doing the same as suggested by Eric after announcement in a 1-2
years time frame for 2.4.x.
Regards,
Rainer