On 31/05/17 09:02, Gert Doering wrote: > Hi, > > On Wed, May 31, 2017 at 02:31:40AM +0200, David Sommerseth wrote: >> If we really do care for supporting 0.9.8, in release/2.4 - I can give >> this an ACK. Otherwise, I think it might be better to backport >> 039a89c331e9b7998d804 + 79ea67f77ca3afe91222f. > > You are the one that objects most violently if we break users' expectations
Yes and no. In regards to end users, I am very careful. In regards to package maintainers, I am less weary as they won't distribute failing builds to end users. This change hits package building, not the end user. And when we have had the policy (at least on the Linux side) that the oldest supported library and build dependencies are what the oldest officially supported RHEL release carries, then moving to OpenSSL 1.0.1 should not break anything. When also considering that any releases older than OpenSSL 1.0.2 is not supported by OpenSSL upstream [1], and OpenSSL 1.0.1 is supported by at least Red Hat in RHEL for the lifetime of RHEL ... Then ditching 0.9.8 support makes even more sense. [1] <https://www.openssl.org/policies/releasestrat.html> If there are other OS/distros actively supporting, fixing and backporting security fixes to 0.9.8, then I have no issues keeping 0.9.8 support. But unless there are someone having this requirement, cleaning up all the various OpenSSL hacks for unsupported version is fairly sensible to me. -- kind regards, David Sommerseth OpenVPN Technologies, Inc
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
