From: Ben Laurie
To: "freebsd-security@freebsd.org security"
Date: Wed, 11 Jun 2014 10:32:54 +0100
Subject: OpenSSL end of life
List-Id: "Security issues [members-only posting]"

We (the OpenSSL team) are considering a more aggressive EOL strategy. In particular, we may EOL 0.9.8 right now, and 1.0.0 when 1.0.2 comes out (currently in beta). Going forward we would only maintain two versions, so when 1.0.3 comes out, 1.0.1 would be EOL. What do people think about this?