> On 31/05/17 15:51, Simon Matter wrote: >>> Hi, >>> >>> On Wed, May 31, 2017 at 11:14:33AM +0200, David Sommerseth wrote: >>>> On 31/05/17 09:02, Gert Doering wrote: >>>>> Hi, >>>>> >>>>> On Wed, May 31, 2017 at 02:31:40AM +0200, David Sommerseth wrote: >>>>>> If we really do care for supporting 0.9.8, in release/2.4 - I can >>>> give >>>>>> this an ACK. Otherwise, I think it might be better to backport >>>>>> 039a89c331e9b7998d804 + 79ea67f77ca3afe91222f. >>>>> >>>>> You are the one that objects most violently if we break users' >>>> expectations >>>> >>>> Yes and no. In regards to end users, I am very careful. In regards >>>> to >>>> package maintainers, I am less weary as they won't distribute failing >>>> builds to end users. This change hits package building, not the end >>>> user. >>> >>> Well, this is a somewhat simplistic world view, with "package builders" >>> and "package installers". >>> >>> People are stuck on older enterprise distributions, for whatever >>> reasons, >>> but want a newer openvpn version - so they get the source bundle, and >>> compile. Which is a perfectly fine deployment model - and we should >>> not >>> break things in 2.4.3 that worked just fine in 2.4.2 for them (unless >>> there is a strong reason, like "we have a vulnerability here that we >>> cannot fix unless we abandon an older API"). >> >> I strongly support your view, Gert. I really hope we do not see such >> breakage in minor stable releases. > > Do you depend on building against OpenSSL 0.9.8? If so, which > OS/distribution do you use?
Yes, I have a case with very customized CentOS 5 systems where we also backport security related patches. Of course the same could be done for openvpn but it's easier to just follow the current 2.4 stream. That's why my suggestion to keep all the compat hacks in 2.4.x and kick them out only in the main devel branch. I guess that's what most package maintainers expect to happen and it keep mailing lists quiet. Regards, Simon ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
