RHEL 7 (the *current* release), Debian Jessie (oldstable) and Ubuntu 14.04 (old LTS supported in "maintenance" mode until early 2019 - https://www.ubuntu.com/info/release-end-of-life) all shipped with 1.0.1 based OpenSSL. :(
IMNSHO *I still think we should do this to 3.7*. OpenSSL >=1.0.2 provides a much more usable API for modern security standards. If we set our standards based on the most conservative OS distro out there, we're just holding ourselves back. Isn't MacOS also in a lousy state when it comes to OpenSSL? Did we switch to providing our own there already? We could do the same (ship our own) when building on stale distros. For my own buildbots, I'll figure out how to upgrade any that need it. http://buildbot.python.org/all/buildslaves/gps-ubuntu-exynos5-armv7l will be the interesting one for me to upgrade but it isn't one of our stable builders so I won't treat it as urgent. :) -gps PS Possibly relevant for RHEL 7 users - https://access.redhat.com/solutions/2740151 (i don't have a login so i can't read it, and it just says "in progress"). On Mon, Sep 4, 2017 at 11:33 AM Zachary Ware <zachary.ware+py...@gmail.com> wrote: > Hi folks, > > Since OpenSSL 1.0.1 was EOL'd at the end of 2016, we're looking into > whether we can drop support for OpenSSL 1.0.1 and earlier in Python > 3.7. However, it looks like many of our builders are still using as > far back as 1.0.1e. If you would, please check to make sure your > builders are using the latest OpenSSL available from your distributor > and let us know if it is not at least 1.0.2 so we can gauge how to > proceed. > > Thanks, > -- > Zach > _______________________________________________ > Python-Buildbots mailing list > Python-Buildbots@python.org > https://mail.python.org/mailman/listinfo/python-buildbots > _______________________________________________ Python-Buildbots mailing list Python-Buildbots@python.org https://mail.python.org/mailman/listinfo/python-buildbots
