Jérémy Lal <kapo...@melix.org> wrote
> The openssl release strategy page [1] states:
> Version 1.1.0 will be supported until 2018-04-30.
> Version 1.0.2 will be supported until 2019-12-31 (LTS).
>
> Considering the dates, upstream authors using openssl 1.0.2 might not
> migrate to the new api until 1.0.2 end of life.
> Is it reasonnable, for security and human resources sake, to carry hundreds
> of patches for a transition that will happen much more safely and naturally
> later ?
Certainly. 1.1 brings a lot of internal changes which will be beneficial in
the long run. And of course's there a wide range of 1.1 features which will b
e important during the lifetime of stretch (e.g. chacha20/poly1305 support).
Cheers,
Moritz
