On Sat, May 30, 2020 at 02:31:48PM -0700, TJ Saunders wrote:

Hello, ProFTPD developers! I'm contemplating the growing complexity
of ProFTPD's TLS/crypto codebase, and how to reduce it. Much of that
complexity is related to OpenSSL, and its changing APIs over the years.
Thus I'd like to start phasing out support for older OpenSSL versions.
How old? Well, I'm hoping you can help me decide that.

We can use the OPENSSL_API_COMPAT macro (at least since OpenSSL-1.1.0), like
this PR:
https://github.com/pyca/cryptography/pull/4313

I know that there are some platforms, like HP-UX or AIX, where
bleeding-edge OpenSSL versions may not be used/available. But support
for OpenSSL before 1.0.0 can be phased out, yes?

Part of this will be establishing criteria for this project, going
forward, for knowing when/how to EOL support for older library versions
(not just OpenSSL) -- and how to announce that, with enough advance
notice for packagers/distros to be prepared.

I look forward to hearing your thoughts on this topic!

Cheers,
TJ

Well, for what is concerning Debian, even the 8.x oldoldstable jessie LTS
(that shall end its support next month) came with 1.0.1t, so I think dropping
pre-1.0.0 support would not be a problem for current supported versions.

About the general life cycle of APIs used in proftpd: my advice is supporting
at least 5 previous years per API, based on release date of each library which
is more or less aligned with a long term support for most of the
distributions. In any case, supporting APIs more than 10 years old is probably
nonsense. All this, with a grain of salt: a decent policy of management
of libraries should already include some back-compatibility criteria with
an eye to users and distributions. But, we know the world is weird...

cheers,
--
Francesco P. Lovergine
_______________________________________________
ProFTPD Developers List
https://lists.sourceforge.net/lists/listinfo/proftp-devel