On Tue, Nov 19, 2019 at 11:57:56PM +0100, Lukas Tribus wrote:
> Testing and implementing build fixes for APIs while they are under active
> development not only takes away precious dev time, it's also causes our own
> code to be messed up with workarounds possibly only needed for specific
> openssl development code at one point in time.

This actually is a pretty valid point I hadn't thought about and which
we experienced already in the past. It's not rare that a change gets
reverted in other projects, and wasting time working around it just to
see it finally cancelled is not cool.

With all this said, I tend to see the CI as a way to lower the number
of surprizes. This means that the most relevant stuff to test there is
what we can reasonably expect to encounter in field. If some mainstream
distros ship with specific openssl versions and they take care of the
support themselves, it seems reasonable to keep these versions. That
does not mean we have to test all combinations, as we can reasonably
expect that testing a wide enough spectrum increases the likelihood
that what is located between both extremities will also work. So if
1.1.0 is still shipped and maintained in relevant distros, we can
keep it.

Just my two cents,

Reply via email to