Re: Update minimum SSL version

Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> writes:
> On 2019-12-03 12:44, Magnus Hagander wrote:
>> On Tue, Dec 3, 2019 at 12:09 PM Michael Paquier <michael(at)paquier(dot)xyz
>> <mailto:michael(at)paquier(dot)xyz>> wrote:
>> On Tue, Dec 03, 2019 at 10:10:57AM +0100, Magnus Hagander wrote:
>>> Is 1.0.1 considered a separate major from 1.0.0, in this reasoning? Because
>>> while retiring 1.0.0 should probably not be that terrible, 1.0.1
>>> is still in very widespread use on most long term supported distributions.

> This would mean we'd stop support for RHEL 5, which is probably OK,
> seeing that even the super-extended support ends in November 2020.

> Dropping RHEL 5 would also allow us to drop support for Python 2.4,
> which is something I've been itching to do. ;-)

> In both of these cases, maintaining support for all these ancient
> versions is a significant burden IMO, so it would be good to clean up
> the tail end a bit.

So, what exactly are we going to set as the new minimum version in
each case? I'll have to go update my trailing-edge-Johnnie buildfarm
critters, and it'd make sense to have them continue to test the
oldest nominally-supported versions.

For OpenSSL it seems like 1.0.1a is the target, per the above
discussion.

For Python, I'll just observe that RHEL6 ships 2.6.6, so we can't
bump up to 2.7.

regards, tom lane