On Mon, Mar 19, 2018 at 8:57 AM, Yann Ylavic <ylavic....@gmail.com> wrote: > On Mon, Mar 19, 2018 at 1:07 PM, Jim Jagielski <j...@jagunet.com> wrote: >> >> >>> On Mar 17, 2018, at 3:32 PM, Nick Kew <n...@apache.org> wrote: >>> >>> On Fri, 16 Mar 2018 09:06:53 -0400 >>> Eric Covener <cove...@gmail.com> wrote: >>> >>>> I think bump trunk now, but not rip out any compat code for ease of >>>> backport. >>> >>> +1. >>> >>> 2.4 is a stable branch: we can't go making changes that would >>> disrupt existing users. >>> >>> What we could do is make it an annoying (even scary) Warning >>> in 2.4, and see what reactions that brings. >>> >> >> +1 from me > > ISTR that we had a several complains about a warning introduced in > (the middle of) 2.4, possibly SSLCertificateChainFile's deprecation > message at each startup? > It was not quite accepted by the community and we reverted it later > (the release was rejected IIRC). > I wouldn't want the same thing to happen again.
One noteworthy difference in this case is that it could affect just builders / maintainers directly. > People running 2.4 with a deprecated version of openssl are probably > well aware about it, and likely can't do much at this point. > Unless/until one can selectively drop an AH by (simple) configuration... The other options essentially punish everyone else. We maintain another release and they feel compelled to move to it, or we jump through hoops to maintain compat (more complexity, time that could be spent elsewhere) -- Eric Covener cove...@gmail.com
