Re: Cutting support for OpenSSL 1.0.1 and 1.0.2 in 17~?

Tom Lane <tgl@sss.pgh.pa.us>

From: Tom Lane <tgl@sss.pgh.pa.us>
To: Joe Conway <mail@joeconway.com>
Cc: Daniel Gustafsson <daniel@yesql.se>, Peter Eisentraut <peter@eisentraut.org>, Michael Paquier <michael@paquier.xyz>, Jacob Champion <jacob.champion@enterprisedb.com>, Thomas Munro <thomas.munro@gmail.com>, Postgres hackers <pgsql-hackers@lists.postgresql.org>, Mikael Kjellström <mikael.kjellstrom@gmail.com>
Date: 2024-08-05T13:14:49Z
Lists: pgsql-hackers
Joe Conway <mail@joeconway.com> writes:
> I know I am way late to this thread, and I have only tried a cursory 
> skim of it given the length, but have we made any kind of announcement 
> (packagers at least?) that we intend to not support Postgres 18 with ssl 
> on RHEL 7.9 and derivatives? Yes, RHEL 7 just passed EOL, but there is 
> commercial extended support available until July 2028[1] which means 
> many people will continue to use it.

PG v16 will be in-support until November 2028, so it's not like
we are leaving RHEL 7 completely in the lurch.  I doubt that the
sort of people who are still running an EOL OS are looking to put
a bleeding-edge database on it, so this seems sufficient to me.

As for notifying packagers --- Red Hat themselves will certainly
not be trying to put new major versions of anything on RHEL 7,
and Devrim has stopped packaging newer PG for RHEL 7 altogether,
so who among them is going to care?

			regards, tom lane



Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. Remove obsolete unconstify()

  2. Only perform pg_strong_random init when required

  3. Remove support for OpenSSL older than 1.1.0

  4. Support SSL_R_VERSION_TOO_LOW when using LibreSSL

  5. Support disallowing SSL renegotiation when using LibreSSL

  6. Doc: Use past tense for things which happened in the past

  7. Remove support for OpenSSL 1.0.1

  8. Remove support for OpenSSL 0.9.8 and 1.0.0