<div dir="ltr">+1 on what Alex said.<div><br></div><div>Alex</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, Mar 10, 2014 at 1:13 AM, alexs <span dir="ltr"><<a href="mailto:alexs@prol.etari.at" target="_blank">alexs@prol.etari.at</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I think we should ship it but document that we *require* OpenSSL 0.9.8e and deny all knowledge of any earlier versions. It really has to be made very explicit that we do not support and can not test versions earlier than RedHat EL 5 if we do accept this.<br>
<br>
If we end up breaking it in future and someone feels like sending us an equally small PR I think we should also accept that. I am entirely OK with us providing zero guarantees about this functionality but still accepting fixes for it.<br>
<br>
The whole 0.9.8 ABI is pretty stable. It's mostly because we compile from source that we have problems on Linux so I expect most of the changes required to keep 0.9.8b working will be similar simple but tedious conditional binding things.<br>
<br>
If we in future decide to drop support for an older OpenSSL I think we should just drop all of 0.9.8 at once, but I guess that's a discussion for a different thread.<div class="HOEnZb"><div class="h5"><br>
<br>
On 09.03.2014 21:51, Paul Kehrer wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
A user filed an issue today asking us to support 0.9.8b<br>
<br>
(<a href="https://github.com/pyca/cryptography/issues/727#issuecomment-37133554" target="_blank">https://github.com/pyca/<u></u>cryptography/issues/727#<u></u>issuecomment-37133554</a>),<br>
which shipped in Fedora 8 (apparently used by <a href="http://www.planet-lab.org" target="_blank">http://www.planet-lab.org</a>).<br>
The patch is actually very small, but we don't have CI coverage for any<br>
distribution using OpenSSL that ancient (Fedora 8 was released 7 years<br>
ago and has been out of support for over 5). I'm also concerned that this<br>
sets a precedent where we'll have difficulty *ever* removing support for<br>
an OpenSSL version (and the 0.9.8e patches would be very nice to remove<br>
in a few years).<br>
<br>
So, what do we want to do here? I'm -1 on landing it and claiming it as<br>
an officially supported version, but -0.5 on landing it with no<br>
guarantees of future functionality since we're not testing against it.<br>
<br>
On a related note, we should probably document our official minimum<br>
OpenSSL version somewhere in the docs (currently 0.9.8e).<br>
<br>
-Paul<br>
</blockquote></div></div><div class="HOEnZb"><div class="h5">
______________________________<u></u>_________________<br>
Cryptography-dev mailing list<br>
<a href="mailto:Cryptography-dev@python.org" target="_blank">Cryptography-dev@python.org</a><br>
<a href="https://mail.python.org/mailman/listinfo/cryptography-dev" target="_blank">https://mail.python.org/<u></u>mailman/listinfo/cryptography-<u></u>dev</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr">"I disapprove of what you say, but I will defend to the death your right to say it." -- Evelyn Beatrice Hall (summarizing Voltaire)<br>
"The people's good is the highest law." -- Cicero<br><div>GPG Key fingerprint: 125F 5C67 DFE9 4084</div></div>
</div>