On Tue, Sep 24, 2019 at 11:25:30AM -0400, Tom Lane wrote:
> Alvaro Herrera <alvhe...@2ndquadrant.com> writes:
>> ... I wonder if we should really continue to support
>> OpenSSL 0.9.8.
>
> Fair question, but post-rc1 is no time to be moving that goalpost
> for the v12 branch.

Yeah. I worked in the past with SUSE-based appliances, and I recall that those folks have been maintaining their own patched version of OpenSSL 0.9.8 with a bunch of custom patches, some of them coming from newer versions of upstream to take care of security issues with 0.9.8. So even if they call their version 0.9.8j, I think that they include many more security-related fixes than their version string suggests. I don't know to what extent though.

>> Anyway I suppose it's not impossible that third parties are still
>> maintaining their 1.0.0 branch,
>
> Another data point on that is that Red Hat is still supporting
> 1.0.1e in RHEL6. I don't think we should assume that just because
> OpenSSL upstream has dropped support for a branch, it no longer
> exists in the wild.
>
> Having said that, if it makes our lives noticeably easier to
> drop support for 0.9.8 in HEAD, I won't stand in the way.

Agreed. There is an argument for dropping support for OpenSSL 0.9.8 in 13~, but I don't agree with doing that in 12. Let's just fix the issue.
--
Michael