Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:97393 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 30063 invoked from network); 13 Dec 2016 22:18:55 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 13 Dec 2016 22:18:55 -0000 Authentication-Results: pb1.pair.com header.from=dz@heroku.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=dz@heroku.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain heroku.com designates 209.85.220.174 as permitted sender) X-PHP-List-Original-Sender: dz@heroku.com X-Host-Fingerprint: 209.85.220.174 mail-qk0-f174.google.com Received: from [209.85.220.174] ([209.85.220.174:35857] helo=mail-qk0-f174.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id D4/B5-21185-EC370585 for ; Tue, 13 Dec 2016 17:18:54 -0500 Received: by mail-qk0-f174.google.com with SMTP id n21so1032636qka.3 for ; Tue, 13 Dec 2016 14:18:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=heroku.com; s=google; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=rKqer27OtFnWQTrWu6uTX+vsWjmrXCAcZtw22K7+PTA=; b=vr5jgp1ojFks8k9dG4ASP74dlYGJWX4F3tYD77mR4Oiq1ADySDQ9mycYh+jvSO+UJY 7oqHFNuorVTRO27pvxfKi+ceKkSBoLQOszIGMaYS+PKEkTdnDBrhxtUEZWMQJp1I6+F/ U40vWlhMPJul+VIbrBXJpXq/KyLmPMDGFwnUKGhXQ5tXqBTSmcluCOqpOgA0ShwdmCga vGrg9btdcDno4I/q8TjrD5JN8FVLUPMRUf7YmOzmxll5Fy3ngLNS/5Vgv9SPPP/hXWYK kRt+nRXq8ZdXEg5gINSBOk83daCkQJJTrDUv7Pz/GIS7gW5puhrFrgHzDN8L2hst2g4o eY+A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=rKqer27OtFnWQTrWu6uTX+vsWjmrXCAcZtw22K7+PTA=; b=glW82oApABIgbHA/CY6/otJ7MegYhdq1y2gkJd2F26GTKGlA32ryS620IBFXskfd7j OZE9uKQC32A8OdYrUZHKBHaPKxvoeZX7621ckstrjsqnXEEnCP/36bsJbXmcmpgOk6kK dkbl3/+PZ1VgrFj9an1LOxP7VgMpTKQq7FtOFxgPwrRimOVgH+uS/kh2kiNH1+g5XMzT zaRc/N9xqC+pcipDiCMyz9/+97DpDBiwe14ygfukMAKiMW5VdFuvyTYnQlHOBz8wOXfk lFbl0DoZo2fEhHUErO6KauwQV2kq0r1W5ZjvCKDUJ4MCuwObm6Vj3N61mU7RzeGOe8oa ReZA== X-Gm-Message-State: AKaTC03ybhT35hWlALbFW3TD0tIHy43yrP0l7Pu5+SuZiyXYr2I+aF1CAMP0SNMgYZemFEoC X-Received: by 10.55.25.78 with SMTP id k75mr80767696qkh.247.1481667531780; Tue, 13 Dec 2016 14:18:51 -0800 (PST) Received: from rrcs-198-179-74-14.nyc.biz.rr.com (rrcs-198-179-74-14.nyc.biz.rr.com. [198.179.74.14]) by smtp.gmail.com with ESMTPSA id r15sm30056291qte.9.2016.12.13.14.18.48 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 13 Dec 2016 14:18:50 -0800 (PST) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\)) In-Reply-To: Date: Tue, 13 Dec 2016 23:18:45 +0100 Cc: Jakub Zelenka , Pierre Joye , Stanislav Malyshev , PHP internals list Content-Transfer-Encoding: quoted-printable Message-ID: References: <10aa7da4-9880-811a-92f8-71ae5dcce621@gmail.com> To: Niklas Keller X-Mailer: Apple Mail (2.3124) Subject: Re: [PHP-DEV] Bumping minimal OpenSSL version to 1.0.1 in master for PHP 7.1 From: dz@heroku.com (David Zuelke) On 13.12.2016, at 11:31, Niklas Keller wrote: >=20 > OpenSSL support for 1.0.1 will end this year. >=20 > Support for version 1.0.1 will cease on 2016-12-31. No further = releases of >> 1.0.1 will be made after that date. Security fixes only will be = applied to >> 1.0.1 until then. >> Version 1.0.0 is no longer supported. >> Version 0.9.8 is no longer supported. >=20 >=20 > We dropped 0.9.8 and 1.0.0 in 7.1. >=20 > Should we drop support for 1.0.1 in master, so it's dropped for 7.2 = then, > as it will be unsupported then? Please no. Ubuntu's 14.04 LTS is on 1.0.1f and gets security backports. EOL is = April 2019. Unless there is a hard reason (API changes or whatever) that PHP 7.2 = absolutely cannot live without, it's a bad idea, as folks on 14.04 or = similar (think RHEL etc) then have to either rely on third parties for = updates, or vendor in a newer version, even though their system libssl = is still receiving security updates. David