On 31-05-17 11:14, David Sommerseth wrote: > On 31/05/17 09:02, Gert Doering wrote: >> On Wed, May 31, 2017 at 02:31:40AM +0200, David Sommerseth wrote: >>> If we really do care for supporting 0.9.8, in release/2.4 - I can give >>> this an ACK. Otherwise, I think it might be better to backport >>> 039a89c331e9b7998d804 + 79ea67f77ca3afe91222f. >> >> You are the one that objects most violently if we break users' expectations > > Yes and no. In regards to end users, I am very careful. In regards to > package maintainers, I am less weary as they won't distribute failing > builds to end users. This change hits package building, not the end user. > > And when we have had the policy (at least on the Linux side) that the > oldest supported library and build dependencies are what the oldest > officially supported RHEL release carries, then moving to OpenSSL 1.0.1 > should not break anything. > > When also considering that any releases older than OpenSSL 1.0.2 is not > supported by OpenSSL upstream [1], and OpenSSL 1.0.1 is supported by at > least Red Hat in RHEL for the lifetime of RHEL ... Then ditching 0.9.8 > support makes even more sense. > > [1] <https://www.openssl.org/policies/releasestrat.html> > > If there are other OS/distros actively supporting, fixing and > backporting security fixes to 0.9.8, then I have no issues keeping 0.9.8 > support. But unless there are someone having this requirement, cleaning > up all the various OpenSSL hacks for unsupported version is fairly > sensible to me.
Either backporting 039a89c331e9b7998d804 + 79ea67f77ca3afe91222f or applying this patch is fine by me. As I wrote a little while ago: On 19-02-17 16:09, Steffan Karger wrote: > The other big long-term-support distro, SLES, does still ship and > support 0.9.8 in SELS11 until 2019 (2022 for extended support), but can > be updated to 1.0.1. > > As far as I'm concerned, that is enough reason to only support OpenSSL > 1.0.1+ for OpenVPN 2.4 (and newer). I'll let you guys decide. -Steffan
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
