Re: Cutting support for OpenSSL 1.0.1 and 1.0.2 in 17~?

> On 24 May 2023, at 11:52, Michael Paquier <michael(at)paquier(dot)xyz> wrote:
>
> On Wed, May 24, 2023 at 11:36:56AM +0200, Daniel Gustafsson wrote:
>> 1.0.2 is also an LTS version available commercially for premium support
>> customers of OpenSSL (1.1.1 will become an LTS version as well), with 1.0.2zh
>> slated for release next week. This raises the likelyhood of Postgres
>> installations using 1.0.2 in production still, and for some time to come.
>
> Good point. Indeed, that makes it pretty clear that not dropping
> 1.0.2 would be the best option for the time being, so 0001 would be
> enough.

I think thats the right move re 1.0.2 support. 1.0.2 is also the version in
RHEL7 which is in ELS until 2026.

When we moved the goalposts to 1.0.1 (commit 7b283d0e1d1) we referred to RHEL6
using 1.0.1, and RHEL6 goes out of ELS in late June 2024 seems possible to drop
1.0.1 support during v17. I haven't studied the patch yet but I'll have a look
at it.

> I am wondering if we should worry about having a buildfarm member that
> could test these binaries, though, in case they have compatibility
> issues.. But it would be harder to debug without the code at hand, as
> well.

It would be nice it the OpenSSL project could grant us an LTS license for a
buildfarm animal to ensure compatibility but I have no idea how realistic that
is (or how much the LTS version of 1.0.2 has diverged from the last available
public 1.0.2 version).

--
Daniel Gustafsson