Re: NOTICE: Intent to T&R 2.4.36
> On 10 Oct 2018, at 21:04, Jim Jagielski <jim@xxxxxxxxxxx> wrote:
>> Does the TLSv1.3 support need to be production ready?
>> TLSv1.3 is presumably an opt-in feature and as long as it doesn’t endanger existing behaviours, I would have assumed it’s relatively safe to release with caveats in the docs.
>> Of course, once there’s more take-up of TLSv1.3, then the test suite needs to be useful. Getting real-world feedback about something completely new that doesn’t endanger existing behaviours outside of TLSv1.3 is probably worthwhile.
> The issue is that such a major feature enhancement touches a lot of code. That can cause regressions.
> Sometimes, some people try to reduce and restrict development and new features using that as an argument. I, and numerous others, have consistently disagreed with that as a convincing argument against adding stuff to 2.4.x. In this particular situation, the "usual suspect(s)" were actually very gung-ho on release, despite this being the exact kind of situation they would normally balk against. I was noting the discrepancy and wondering the reasoning…
Fair enough, I hadn’t checked to see how invasive the change was. I had assumed a lot of "#ifdef TLSV13” protecting current behaviours.