On Fri, Mar 16, 2018 at 8:50 AM, Rainer Jung <rainer.j...@kippdata.de> wrote:
> On 16.03.2018 at 13:20, Eric Covener wrote:
>>
>> On Fri, Mar 16, 2018 at 8:07 AM, Rainer Jung <rainer.j...@kippdata.de>
>> wrote:
>>>
>>> Last time we had the discussion was 2010/2011.
>>>
>>> We might increase minimum OpenSSL version for everything newer than 2.4.x
>>> to OpenSSL 1.0.1.
>>>
>>> I think RHEL 6 and SLES11 both provide OpenSSL 1.0.1 at least as an
>>> alternative. RHEL 7 and SLES 12 still seem to be at 1.0.1 (at least
>>> without service pack). I do not know about BSD and others.
>>>
>>> Of course increasing the minimum requirement to 1.0.1 makes backports a
>>> bit more risky. On the other hand I think our support promise for old
>>> OpenSSL is probably no longer true, because likely almost nobody will
>>> test anything newer than 2.4.x with OpenSSL 0.9.8, 0.9.9 or 1.0.0. The
>>> same statement might hold for 2.4.x, but there we are bound due to our
>>> support for older platforms.
>>>
>>> Do we have more data points? Opinions about increasing to 1.0.1?
>>
>>
>> I prefer to see it bumped in 2.4 with a 1-2 year window.
>
>
> ... and wait with a dependency bump for 2.6+ also 1-2 years? Or do it there
> earlier?

I think bump trunk now, but not rip out any compat code for ease of backport.