Re: Cutting support for OpenSSL 1.0.1 and 1.0.2 in 17~?

From: Daniel Gustafsson <daniel(at)yesql(dot)se>
To: Michael Paquier <michael(at)paquier(dot)xyz>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com>, Thomas Munro <thomas(dot)munro(at)gmail(dot)com>, Postgres hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Re: Cutting support for OpenSSL 1.0.1 and 1.0.2 in 17~?
Date: 2024-04-04 07:56:22
Message-ID: 8ED6A9A5-BB31-435E-9C9A-D04667A6A8B4@yesql.se
Lists: pgsql-hackers

> On 4 Apr 2024, at 01:24, Michael Paquier <michael(at)paquier(dot)xyz> wrote:
>
> On Wed, Apr 03, 2024 at 01:38:50PM -0400, Tom Lane wrote:
>> The discussion we had last year concluded that we were OK with
>> dropping 1.0.1 support when RHEL6 goes out of extended support
>> (June 2024 per this thread, I didn't check it). Seems like we
>> should have the same policy for RHEL7. Also, calling Photon 3
>> dead because it went EOL three days ago seems over-hasty.
>
> Yeah. A bunch of users of Photon are VMware (or you could say
> Broadcom) product appliances, and I'd suspect that quite a lot of them
> rely on Photon 3 for their base OS image. Upgrading that stuff is not
> easy work in my experience because they need to cope with a bunch of
> embedded services.

That's true, but Photon 3 won't package new major versions of PostgreSQL (the
latest RPM is 13.14). Anyone who builds v17 on Photon 3 on their own can just
as well be expected to build an updated OpenSSL, no? This is equivalent to
RHEL7 which was discussed elsewhere in this thread.

If we are going to pin version dependencies for postgres X to available OS
release packages then it, IMHO, is reasonable to be for OS's that realistically
will package X (either by the vendor or a trusted external packager like PGDG).

It's possible, but not guaranteed, that RHEL8 ships v17 packages in their
Application Streams Life Cycle model, they have packaged v15 so far with
retirement in 2028 so it seems likely there will be another package to retire
in 2029 when RHEL8 finally goes away (whether that will be v16 or v17 is also
speculation). Thus, pinning on 1.1.1 is grounded in packaging reality, even
though I sincerely hope that no one who isn't paying for support is running
1.1.1 now, let alone in 4 years from now.

--
Daniel Gustafsson
