[openssl-dev] [openssl-announce] OpenSSL version 1.0.2 released

[Steffen Nurpmeso]

Hello,

Thanks for OpenSSL first.
And again when you can read this.

Matt Caswell <matt at openssl.org> wrote:
 |On 22/01/15 22:34, Steffen Nurpmeso wrote:
 |> Since noone else seems to say a word.
 |> I personally didn't understand at all why v1.0.2 when its
 |> end-of-life is in sight already.
 |
 |From my personal point of view I would like all our releases to have
 |defined up front lifetimes, so that it is clear how long you can expect
 |to receive support for.  With respect to 1.0.2 we're not actually quite
 |there as we've only said:
 |Version 1.0.2 will be supported until at least 2016-12-31.

My bad!  I would have sworn that i had read 2015-12-31 as EOL for
v1.0.2 in some message, but apparantly no such statement was
posted to @announce, @devel nor @user at all.

 |Note the "at least". There is a good chance that it will be supported
 |for significantly longer than that. The reasons for that are discussed
 |in my recent blog post:
 |https://www.openssl.org/blog/blog/2014/12/23/the-new-release-strategy/

I personally would prefer such a posting on -dev@, but great that
lynx(1) can be used to read this blog, that's not self-evident.

 |>  Now you have to continue to
 |> track three active branches.  But this is your problem of course.
 |
 |Actually its four :-( - 0.9.8, 1.0.0, 1.0.1 and 1.0.2 (and of course we
 |have master as well). Again see my blog post for a discussion on the
 |thinking that went into it. As ever these decisions are a compromise
 |between many competing pressures.

Sympathy!
After all you are now more with some support by the vcs.

 [.]
 |> So why that hastiness, now that OpenSSL gains enough money to pay
 [.]

 |Well 1.0.2 was in beta for nearly a year, so I'm not sure I would

Of course.  Of course.
And i think we are all looking forward to see what the future
brings.  (Myself even starves for documentation [coverage]
improvements.)

--steffen