From: | Michael Paquier <michael(at)paquier(dot)xyz> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, Victor Wagner <vitus(at)wagner(dot)pp(dot)ru>, pgsql-hackers(at)lists(dot)postgresql(dot)org |
Subject: | Re: PostgreSQL12 and older versions of OpenSSL |
Date: | 2019-09-25 06:55:14 |
Message-ID: | 20190925065514.GJ1815@paquier.xyz |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Tue, Sep 24, 2019 at 11:25:30AM -0400, Tom Lane wrote:
> Alvaro Herrera <alvherre(at)2ndquadrant(dot)com> writes:
>> ... I wonder if we should really continue to support
>> OpenSSL 0.9.8.
>
> Fair question, but post-rc1 is no time to be moving that goalpost
> for the v12 branch.
Yeah. I worked in the past with SUSE-based appliances, and I recall
that those folks have been maintaining their own patched version of
OpenSSL 0.9.8 with a bunch of custom patches, some of them coming from
newer versions of upstream to take care of security issues with 0.9.8.
So even if they call their version 0.9.8j, I think that they include
much more security-related fixes than their version string suggests.
I don't know at which extent though.
>> Anyway I suppose it's not impossible that third parties are still
>> maintaining their 1.0.0 branch,
>
> Another data point on that is that Red Hat is still supporting
> 1.0.1e in RHEL6. I don't think we should assume that just because
> OpenSSL upstream has dropped support for a branch, it no longer
> exists in the wild.
>
> Having said that, if it makes our lives noticeably easier to
> drop support for 0.9.8 in HEAD, I won't stand in the way.
Agreed. There is an argument for dropping support for OpenSSL 0.9.8
in 13~, but I don't agree of doing that in 12. Let's just fix the
issue.
--
Michael
From | Date | Subject | |
---|---|---|---|
Next Message | Kyotaro Horiguchi | 2019-09-25 06:55:46 | Re: PATCH: standby crashed when replay block which truncated in standby but failed to truncate in master node |
Previous Message | Kyotaro Horiguchi | 2019-09-25 06:50:32 | Re: Remove page-read callback from XLogReaderState. |