Re: [Openvpn-devel] Summary of the community meeting (Wed, 10th Oct 2018)

2018-10-10 Thread David Sommerseth 
On 10/10/18 13:20, Samuli Seppänen wrote:
[...snip...]
> --
> 
> Discussed dropping OpenSSL 1.0.1 support in OpenVPN. It was agreed that
> it makes sense. We also made our support policies regarding RedHat more
> clear:
> 
> https://community.openvpn.net/openvpn/wiki/SupportedVersions
Just clarifying this.  We will drop OpenSSL 1.0.1 support in favour of OpenSSL
1.0.2 for OpenVPN 2.5 (now, git master).  For OpenVPN 2.4, we will keep
OpenSSL 1.0.1 support.


-- 
kind regards,

David Sommerseth
OpenVPN Inc




signature.asc
Description: OpenPGP digital signature
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] Summary of the community meeting (Wed, 10th Oct 2018)

2018-10-10 Thread Samuli Seppänen 
Hi,

Here's the summary of the IRC meeting.

---

COMMUNITY MEETING

Place: #openvpn-meeting on irc.freenode.net
Date: Wednesday 10th October 2018
Time: 11:30 CEST (9:30 UTC)

Planned meeting topics for this meeting were here:



The next meeting has not been scheduled yet.

Your local meeting time is easy to check from services such as



SUMMARY

cron2, dazo, mattock, ordex, plaisthos, rozmansi and syzzer participated
in this meeting.

--

Discussed tap-windows6 release and HLK testing. We have an experienced
Windows kernel developer fixing the remaining issues. Mattock asked the
WHQL/HLK testing company to put their testing on hold for the time being.

--

Discussed dropping OpenSSL 1.0.1 support in OpenVPN. It was agreed that
it makes sense. We also made our support policies regarding RedHat more
clear:

https://community.openvpn.net/openvpn/wiki/SupportedVersions

--

Discussed MSI installer for OpenVPN and tap-windows6 that rozmansi has
been working on:

https://community.openvpn.net/openvpn/wiki/OpenvpnMSIInstaller

Rozmansi is currently working on Makefiles for the tools and DLLs that
the MSI installer will make use of.

--

Full chatlog attached.

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock


(12:32:15) cron2: yay
(12:32:15) mattock: hi
(12:33:43) syzzer: 'lo
(12:34:18) mattock: you guys have been busy
(12:34:39) mattock: so, any particular topics?
(12:34:55) mattock: https://community.openvpn.net/openvpn/wiki/Topics-2018-10-10
(12:34:56) vpnHelper: Title: Topics-2018-10-10 – OpenVPN Community (at 
community.openvpn.net)
(12:34:57) cron2: RadixWeb
(12:35:04) mattock: that is quickly covered
(12:35:17) syzzer: re 2.5, I wanted to propose dropping support for openssl 
1.0.1
(12:35:19) cron2: you should send them a "please do not spend more time"...
(12:35:23) mattock: cron2: I did
(12:35:32) cron2: oh, good.  Because I saw a mail this morning...
(12:35:45) mattock: yeah, their manager was having private discussion with me
(12:35:55) mattock: I will respond to Pratik as well
(12:37:15) mattock: sent
(12:37:30) dazo: syzzer: that's not gonna fly well, dropping 1.0.1 ... then we 
lock Debian 9 and RHEL7 and older to OpenVPN 2.4
(12:38:12) mattock: or be forced to maintain more recent openssl in our own 
apt/yum repos
(12:38:18) mattock: which is not something we should do lightly
(12:38:39) syzzer: dazo: debian 9 is on 1.1.0
(12:38:39) cron2: mattock1: ok, RadixWeb sorted out.  I was just wondering.
(12:39:15) dazo: syzzer: nope ... https://packages.debian.org/jessie/openssl
(12:39:20) vpnHelper: Title: Debian -- Details of package openssl in jessie (at 
packages.debian.org)
(12:39:26) syzzer: jessie in 8 :)
(12:39:30) dazo: meh
(12:39:40) syzzer: and 8 is going EOL in june 2020, which sounds reasonable to 
stick to 2.4
(12:39:41) cron2: dazo: what is RHEL's stance on openssl 1.1?
(12:40:05) cron2: (I wonder, since the official packages will stay at 2.4 
anyway, getting 2.5 into "new-RHEL which also has openssl 1.1" should be fine, 
no?)
(12:40:06) mattock: dazo: Debian 9 (=my laptop): 1.1.0f-3+deb9u2
(12:40:08) dazo: I just presume that's going into RHEL-8
(12:40:22) dazo: yeah, I mixed debian release names and release numbers 
(12:40:27) dazo: those always confused e
(12:40:31) dazo: *me
(12:40:50) mattock: debian 9 both 1.0.2 and 1.1 openssl available as standard 
packages
(12:40:57) ***ordex is here
(12:41:00) mattock: hi ordex!
(12:41:03) ***ordex was confused about departing time
(12:41:04) cron2: sitting in the plain?
(12:41:05) ordex: hi!
(12:41:09) ordex: not yet !
(12:41:31) syzzer: for debian 8 (jessie) 1.0.2 is available in jessie-backports
(12:41:32) dazo: RHEL7 goes EOL 2024
(12:41:45) syzzer: doesn't RHEL have something like -backports too?
(12:42:00) dazo: aah ... RHEL7 is 1.0.2
(12:42:30) dazo: RHEL6 is 1.0.1, which goes EOL 2020
(12:42:30) cron2: syzzer: you want to drop 1.0.1, but keep 1.0.2?
(12:42:37) syzzer: cron2: yes
(12:42:43) dazo: okay, I'm fine with that
(12:42:46) cron2: ok (just to make it explicit)
(12:42:49) syzzer: 1.0.1 has not been supported by the openssl team for a long 
time
(12:43:26) dazo: for non-enterprise distros, that's an important detail
(12:44:15) syzzer: I know, but if you're staying with old enterprise openssl, 
you can also stay with old enterprise openvpn, right/
(12:44:37) dazo: Yeah, I'm not concerned about RHEL6
(12:45:02) mattock: \o/
(12:45:06) mattock: agreement? :)
(12:45:27) dazo: Yes, openssl-1.0.2 can be the oldest one for openvpn-2.5
(12:45:30) syzzer: I think so :0
(12:45:34) ordex: :D
(12:45:40) syzzer: ok, I'll send a patch later today
(12:45:54) mattock: sounds good
(12:46:27) dazo: but it means we'll need to support openvpn 2.4 until at least 
end of November 2020 :)
(12:46:43) mattock: at what level of support?
(12:46:48) plaisthos: hey, I did not expect a meeting today and will be