I appreciate the info. That sounds promising. This is maintained in SVN rather than git isn't it? We typically copy it into a sub-module to maintain on our own, but our code that uses it is minimal and we haven't had any problems that required us to change it.
My question was not phrased correctly. I did not mean to ask if *you* support RHEL7, but rather whether or not the SW would work on both RHEL7 and RHEL8. I was not aware that there was only 1 maintainer, but that is good information. We keep a copy in our own repo so if support ends then we will simply have to maintain our copy and make any changes we need in the future. I suppose that could be a good reason for us to use a submodule to make it easier for us to build, link, debug and maintain as necessary until the team is ready to accept the cost of finding alternatives to Xerces, Xalan, Santuario, etc. Thanks, Shawn Fox -----Original Message----- From: Cantor, Scott <[email protected]> Sent: Wednesday, October 25, 2023 8:12 AM To: [email protected] Subject: Re: Apache Santuario and OpenSSL native library use on RHEL8 External Email Alert This email has been sent from an account outside of the BAE Systems network. Please treat the email with caution, especially if you are requested to click on a link, decrypt/open an attachment, or enable macros. For further information on how to spot phishing, access “Cybersecurity OneSpace Page” and report phishing by clicking the button “Report Phishing” on the Outlook toolbar. > I appreciate that information. Do you still support RHEL7? Well, in some sense *I* only support Shibboleth period and I'm the sole maintainer left for this, so...I wouldn't be using it unless you're prepared to join the project. That's just reality now. Xerces is all but dead and if that eventually officially goes to the attic, this code goes with it by definition. Having said that, yes, the code supports RHEL7 until such time as it sunsets next year for free support. At that point, my project drops it officially and so does my willingness to support it here. Having said *that*, Amazon Linux 2 is based on RHEL7 and it sunsets a year after RHEL7 so I'm stuck supporting that for another year and it's likely that supporting one implies the other. Support in this context really amounts to what fixes I would be willing to do new releases for if something arose. > The openssl installed on RHEL7 and RHEL8 is different so I need to > find one that will work on both for now until we can stop supporting > our SW on RHEL7. The 2.x code works with the versions of OpenSSL dating back to the one shipped with RHEL7 and up through 3.1, it has build support for all of them and does not use any newer APIs exclusively. In fact, it depends on deprecated methods and will eventually break on a future version and it's probably unlikely that gets fixed by me. I don't recall specifically how far back the support goes in terms of what physically builds and runs but if RHEL 7 is still on 1.0.2, then it definitely works back that far, and that's probably the limit. -- Scott
