Re: Cutting support for OpenSSL 1.0.1 and 1.0.2 in 17~?

On Fri, Sep 8, 2023 at 11:48 AM Michael Paquier <michael@paquier.xyz> wrote:
> On Thu, Sep 07, 2023 at 01:44:11PM +0200, Daniel Gustafsson wrote:
> > Sadly I wouldn't be the least bit surprised if there are 1.0.2 users on modern
> > operating systems, especially given its LTS status (which OpenSSL hasn't even
> > capped but sells by "for as long as it remains commercially viable to do so"
> > basis).
>
> Yes, I would not be surprised by that either.  TBH, I don't like much
> the fact that we rely on OpenSSL to decide when we should cut it.
> Particularly since all the changes given to it after it got EOL'd are
> close source at this point.

Right, just like there are people running ancient PostgreSQL and
buying support.  That's not relevant to PostgreSQL 17 IMHO, which
should target contemporary distributions.

BTW I'm not asking anyone to do anything here, I just didn't want to
allow the "RHEL ELS" and "closed source OpenSSL [sic]" theories
mentioned on this thread to go unchallenged.  Next time I'm trying to
clean up some other cruft in our tree, I don't want this thread to be
cited as evidence that that is our policy, because I don't buy it, it
doesn't make any sense.  Of course there is someone, somewhere selling
support for anything you can think of.  There are companies that
support VAXen.  There's a company in Irvine, California selling and
supporting modern drop-in replacements for PDP 11s for production use.