On Tue, Nov 19, 2019 at 11:57:56PM +0100, Lukas Tribus wrote: > Testing and implementing build fixes for APIs while they are under active > development not only takes away precious dev time, it's also causes our own > code to be messed up with workarounds possibly only needed for specific > openssl development code at one point in time.
This actually is a pretty valid point I hadn't thought about and which we experienced already in the past. It's not rare that a change gets reverted in other projects, and wasting time working around it just to see it finally cancelled is not cool. With all this said, I tend to see the CI as a way to lower the number of surprizes. This means that the most relevant stuff to test there is what we can reasonably expect to encounter in field. If some mainstream distros ship with specific openssl versions and they take care of the support themselves, it seems reasonable to keep these versions. That does not mean we have to test all combinations, as we can reasonably expect that testing a wide enough spectrum increases the likelihood that what is located between both extremities will also work. So if 1.1.0 is still shipped and maintained in relevant distros, we can keep it. Just my two cents, Willy