Andres Freund wrote:
> But more seriously: Given the upstream support policies from
> https://www.openssl.org/policies/releasestrat.html :
> "
> Support for version 0.9.8 will cease on 2015-12-31. No further releases of 0.9.8 will be made after that date.
Securityfixes only will be applied to 0.9.8 until then.
> Support for version 1.0.0 will cease on 2015-12-31. No further releases of 1.0.0 will be made after that date.
Securityfixes only will be applied to 1.0.0 until then.
>
> We may designate a release as a Long Term Support (LTS) release. LTS
> releases will be supported for at least five years and we will specify
> one at least every four years. Non-LTS releases will be supported for at
> least two years.
> "
> and the amount of security fixes regularly required for openssl, I don't
> think we'd do anybody a favor by trying to continue supporting older
> versions for a long while.
>
> Note that openssl's security releases are denoted by a letter after the
> numeric version, not by the last digit. 0.9.7 was released 30 Dec 2002.
Yeah. Last of the 0.9.7 line (0.9.7m) was in 2007:
commit 10626fac1569ea37839c37b105681cd08dbe6658
Author: cvs2svn <cvs2svn>
AuthorDate: Fri Feb 23 12:49:10 2007 +0000
CommitDate: Fri Feb 23 12:49:10 2007 +0000
This commit was manufactured by cvs2svn to create tag 'OpenSSL_0_9_7m'.
Current 0.9.8 is 0.9.8zg, in June this year:
commit 0823ddc56e9aaa1de6c4f57bb45457d5eeca404d
Author: Matt Caswell <matt@openssl.org>
AuthorDate: Thu Jun 11 15:20:22 2015 +0100
CommitDate: Thu Jun 11 15:20:22 2015 +0100
Prepare for 0.9.8zg release Reviewed-by: Stephen Henson <steve@openssl.org>
--
Álvaro Herrera http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services