Re: Cutting support for OpenSSL 1.0.1 and 1.0.2 in 17~?

From: Daniel Gustafsson <daniel(at)yesql(dot)se>
To: Thomas Munro <thomas(dot)munro(at)gmail(dot)com>
Cc: Michael Paquier <michael(at)paquier(dot)xyz>, Postgres hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Re: Cutting support for OpenSSL 1.0.1 and 1.0.2 in 17~?
Date: 2023-09-07 11:44:11
Message-ID: BE7EA829-3213-4B78-9B74-E64C82DF556D@yesql.se
Lists: pgsql-hackers

> On 7 Sep 2023, at 13:30, Thomas Munro <thomas(dot)munro(at)gmail(dot)com> wrote:

> I don't like the idea that our *next* release's library version
> horizon is controlled by Red Hat's "ELS" phase.

Agreed. If we instead fence it by "only non-EOL version" then 1.1.1 is also on
the chopping block for v17 as it goes EOL in 4 days from now with 1.1.1w (which
contains a CVE, going out with a bang). Not sure what the best strategy is,
but whichever we opt for I think the most important point is to document it
clearly.

> These hypothetical users that want to run
> an OS even older than that and don't know how to get modern crypto
> libraries on it but insist on a shiny new PostgreSQL release and build
> it from source because there are no packages available... don't exist?

Sadly I wouldn't be the least bit surprised if there are 1.0.2 users on modern
operating systems, especially given its LTS status (which OpenSSL hasn't even
capped but sells on a "for as long as it remains commercially viable to do so"
basis). That being said, my gut feeling is that 3.x has gotten pretty good
market penetration.

--
Daniel Gustafsson
