Hi, > Hi, > > On Wed, Sep 07, 2016 at 12:18:17PM +0300, Samuli Seppänen wrote: >> We have already dropped XP support from OpenVPN Git "master". I think >> now is the time to drop official XP support altogether, but to maintain >> Vista support util the next tap-windows6 release. > > As long as XP is in widespread use, I think we should provide up-to-date > and secure 2.3.x builds. Worst thing we can do is "not provide updates" > in case a new openssl (or openvpn) bug shows up, and leave users out > in the cold. So this means about 2-3 more years, I think... (do you > have numbers how many people still download the XP installers?)
I can probably get download numbers for I00x (openvpn+tap-windows) installers. > Note that the microsoft guidelines do not say "no more SHA1" but > "no SHA1 *unless* targeting Vista", which we do - so there must be a > way to get updated SHA1 certificates... This probably depends greatly on the CA. In our case (Digicert) SHA1 is no longer an option (or so I'm told). > What we should do, though, is declare and document a strict "end of XP > support" policy, like "January 1st, 2018", make this very obvious in the > installer (maybe even "add a separate acknowledgment popup"), AND refuse > to actually start the GUI after that date (or so)... That makes sense. I also think that "January 1st, 2018" is as good a deadline as any. The next 2.3.x I00x installer should implement the warning box. I think we should also let XP users know on the website and in the release announcement that seeing the "Unknown publisher" box is normal and is because XP does not support SHA1. -- Samuli Seppänen Community Manager OpenVPN Technologies, Inc irc freenode net: mattock ------------------------------------------------------------------------------ _______________________________________________ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
