On 03/16/2018 02:06 PM, Eric Covener wrote: > On Fri, Mar 16, 2018 at 8:50 AM, Rainer Jung <rainer.j...@kippdata.de> wrote: >> Am 16.03.2018 um 13:20 schrieb Eric Covener: >>> >>> On Fri, Mar 16, 2018 at 8:07 AM, Rainer Jung <rainer.j...@kippdata.de> >>> wrote: >>>> >>>> Last time we had the discussion was 2010/2011. >>>> >>>> We might increase minimum OpenSSL version for everything newer than 2.4.x >>>> to >>>> OpenSSL 1.0.1. >>>> >>>> I think RHEL 6 and SLES11 both provide OpenSSL 1.0.1 at least as an >>>> alternative. RHEL 7 and SLES 12 still seems to be at 1.0.1 (at least >>>> without >>>> service pack). I do not know about BSD and others. >>>> >>>> Of course increasing the minimum requirement to 1.0.1 makes backports a >>>> bit >>>> more risky. On the other hand I think our support promise for old OpenSSL >>>> is >>>> probably no longer true, because likely almost nobody will test anything >>>> newer than 2.4.x with OpenSSL 0.9.8, 0.9.9 or 1.0.0. The same statement >>>> might hold for 2.4.x, but there we are bound due to our support for older >>>> platforms. >>>> >>>> Do we have more data points? Opinions about increasing to 1.0.1? >>> >>> >>> I prefer to see it bumped in 2.4 with 1-2 year window. >> >> >> ... and wait with a dependency bump for 2.6+ also 1-2 years? Or do it there >> earlier? > > I think bump trunk now, but not rip out any compat code for ease of backport. >
+1 Regards RĂ¼diger