Re: Cutting support for OpenSSL 1.0.1 and 1.0.2 in 17~?
Thomas Munro <thomas.munro@gmail.com>
From: Thomas Munro <thomas.munro@gmail.com>
To: Daniel Gustafsson <daniel@yesql.se>
Cc: Michael Paquier <michael@paquier.xyz>, Postgres hackers <pgsql-hackers@lists.postgresql.org>
Date: 2023-09-07T11:30:15Z
Lists: pgsql-hackers
On Wed, May 24, 2023 at 11:03 PM Daniel Gustafsson <daniel@yesql.se> wrote: > > On 24 May 2023, at 11:52, Michael Paquier <michael@paquier.xyz> wrote: > > On Wed, May 24, 2023 at 11:36:56AM +0200, Daniel Gustafsson wrote: > >> 1.0.2 is also an LTS version available commercially for premium support > >> customers of OpenSSL (1.1.1 will become an LTS version as well), with 1.0.2zh > >> slated for release next week. This raises the likelyhood of Postgres > >> installations using 1.0.2 in production still, and for some time to come. > > > > Good point. Indeed, that makes it pretty clear that not dropping > > 1.0.2 would be the best option for the time being, so 0001 would be > > enough. > > I think thats the right move re 1.0.2 support. 1.0.2 is also the version in > RHEL7 which is in ELS until 2026. I don't mind either way if we rip out OpenSSL 1.0.2 support now or later, other than a general feeling that cryptography must be about the worst possible category of software to keep supporting for years after it has been declared EOL. But.. I don't like the idea that our *next* release's library version horizon is controlled by Red Hat's "ELS" phase. The yum.postgresql.org team aren't packaging 17 for RHEL7 AFAICS, which is as it should be if you ask me, because the 10 year maintenance phase ends before 17 will ship. These hypothetical users that want to run an OS even older than that and don't know how to get modern crypto libraries on it but insist on a shiny new PostgreSQL release and build it from source because there are no packages available... don't exist?
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Remove obsolete unconstify()
- 1fb2308e698e 18.0 landed
-
Only perform pg_strong_random init when required
- c3333dbc0c0f 18.0 landed
-
Remove support for OpenSSL older than 1.1.0
- a70e01d4306f 18.0 landed
-
Support SSL_R_VERSION_TOO_LOW when using LibreSSL
- d80f2ce29465 17.0 landed
-
Support disallowing SSL renegotiation when using LibreSSL
- 44e27f0a6d07 17.0 landed
-
Doc: Use past tense for things which happened in the past
- 91d6429fad55 17.0 landed
-
Remove support for OpenSSL 1.0.1
- 8e278b657664 17.0 landed
-
Remove support for OpenSSL 0.9.8 and 1.0.0
- 7b283d0e1d1d 13.0 cited