[Cryptography-dev] Ancient OpenSSL Support

Alex Gaynor alex.gaynor at gmail.com
Mon Mar 10 16:07:18 CET 2014 

+1 on what Alex said.

Alex


On Mon, Mar 10, 2014 at 1:13 AM, alexs <alexs at prol.etari.at> wrote:

> I think we should ship it but document that we *require* OpenSSL 0.9.8e
> and deny all knowledge of any earlier versions. It really has to be made
> very explicit that we do not support and can not test versions earlier than
> RedHat EL 5 if we do accept this.
>
> If we end up breaking it in future and someone feels like sending us an
> equally small PR I think we should also accept that. I am entirely OK with
> us providing zero guarantees about this functionality but still accepting
> fixes for it.
>
> The whole 0.9.8 ABI is pretty stable. It's mostly because we compile from
> source that we have problems on Linux so I expect most of the changes
> required to keep 0.9.8b working will be similar simple but tedious
> conditional binding things.
>
> If we in future decide to drop support for an older OpenSSL I think we
> should just drop all of 0.9.8 at once, but I guess that's a discussion for
> a different thread.
>
>
> On 09.03.2014 21:51, Paul Kehrer wrote:
>
>  A user filed an issue today asking us to support 0.9.8b
>>
>> (https://github.com/pyca/cryptography/issues/727#issuecomment-37133554),
>> which shipped in Fedora 8 (apparently used by http://www.planet-lab.org).
>> The patch is actually very small, but we don't have CI coverage for any
>> distribution using OpenSSL that ancient (Fedora 8 was released 7 years
>> ago and has been out of support for over 5). I'm also concerned that this
>> sets a precedent where we'll have difficulty *ever* removing support for
>> an OpenSSL version (and the 0.9.8e patches would be very nice to remove
>> in a few years).
>>
>> So, what do we want to do here? I'm -1 on landing it and claiming it as
>> an officially supported version, but -0.5 on landing it with no
>> guarantees of future functionality since we're not testing against it.
>>
>> On a related note, we should probably document our official minimum
>> OpenSSL version somewhere in the docs (currently 0.9.8e).
>>
>> -Paul
>>
> _______________________________________________
> Cryptography-dev mailing list
> Cryptography-dev at python.org
> https://mail.python.org/mailman/listinfo/cryptography-dev
>



-- 
"I disapprove of what you say, but I will defend to the death your right to
say it." -- Evelyn Beatrice Hall (summarizing Voltaire)
"The people's good is the highest law." -- Cicero
GPG Key fingerprint: 125F 5C67 DFE9 4084
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/cryptography-dev/attachments/20140310/31c03ba3/attachment.html>

More information about the Cryptography-dev mailing list