[Cryptography-dev] Ancient OpenSSL Support
alexs
alexs at prol.etari.at
Mon Mar 10 09:13:55 CET 2014
I think we should ship it but document that we *require* OpenSSL 0.9.8e
and deny all knowledge of any earlier versions. It really has to be made
very explicit that we do not support and can not test versions earlier
than RedHat EL 5 if we do accept this.
If we end up breaking it in future and someone feels like sending us an
equally small PR I think we should also accept that. I am entirely OK
with us providing zero guarantees about this functionality but still
accepting fixes for it.
The whole 0.9.8 ABI is pretty stable. It's mostly because we compile
from source that we have problems on Linux so I expect most of the
changes required to keep 0.9.8b working will be similar simple but
tedious conditional binding things.
If we in future decide to drop support for an older OpenSSL I think we
should just drop all of 0.9.8 at once, but I guess that's a discussion
for a different thread.
On 09.03.2014 21:51, Paul Kehrer wrote:
> A user filed an issue today asking us to support 0.9.8b
>
> (https://github.com/pyca/cryptography/issues/727#issuecomment-37133554),
> which shipped in Fedora 8 (apparently used by
> http://www.planet-lab.org).
> The patch is actually very small, but we don't have CI coverage for
> any
> distribution using OpenSSL that ancient (Fedora 8 was released 7
> years
> ago and has been out of support for over 5). I'm also concerned that
> this
> sets a precedent where we'll have difficulty *ever* removing support
> for
> an OpenSSL version (and the 0.9.8e patches would be very nice to
> remove
> in a few years).
>
> So, what do we want to do here? I'm -1 on landing it and claiming it
> as
> an officially supported version, but -0.5 on landing it with no
> guarantees of future functionality since we're not testing against
> it.
>
> On a related note, we should probably document our official minimum
> OpenSSL version somewhere in the docs (currently 0.9.8e).
>
> -Paul
More information about the Cryptography-dev
mailing list