OpenSSL end of life
Dan Lukes
dan at obluda.cz
Wed Jun 11 12:14:49 UTC 2014
On 06/11/14 11:32, Ben Laurie:
> Going forward we would only maintain two versions, so when 1.0.3 comes
> out, 1.0.1 would be EOL.
So, the date of EOL of 1.0.1 will not be known. Just some day the 1.0.3
will be released and 1.0.1 become damned.
Also, I consider its not so friendly to projects using the OpenSSL.
Some of them wish to declare lifetime of particular version at the time
of release. It will be possible no longer as embedded OpenSSL may become
obsolete at any time.
What about ongoing FreeBSD 9.3 release ? According tradition, it's EOL
should occur two years past release. But what we will do if embedded
version of OpenSSL become unsupported just this winter ?
I need to make long term upgrade plans. Not happy with "as OpenSSL
declared EOL, your version of FreeBSD has been EOLed as well. Upgrade
NOW (or within two weeks - it's no substantial difference for me)"
Just my $0.02 ...
Dan
More information about the freebsd-security
mailing list