Node LTS and OpenSSL support End

[shigeki]

I should have written this more earlier, the difference of support policy between OpenSSL and Node LTS. openssl-1.0.2 support policy has just come out today as https://www.openssl.org/policies/releasestrat.html
The map table of each support end is the follwing.

Release	OpenSSL Version	OpenSSL Support End	Node LTS End
v0.10	1.0.1	2016-12-31	2016-10-01
v0.12	1.0.1	2016-12-31	2017-04-01
v4.4.1	1.0.2	2019-12-31	2018-04-01
v.Next(Released on 2016-10-1 if we still use openssl-1.0.2)	1.0.2	2019-12-31	2019-04-1
v.NextNext(Released on 2017-10-1 if we still use openssl-1.0.2)	1.0.2	2019-12-31	2020-04-1
v.??(Released if we already upgrade to openssl-1.1.0)	1.1.0(To be released by the end of 2015)	TBD	TBD

What was worse is that node-v0.12 cannot continue to support by 2017-04-01 in regarding to openssl-1.0.1 support end. And the issue in the future is that we have to upgrade openssl-1.1.0 before release of Node on 2017-10-1 but I think it depends the actual release date of 1.1.0. It is API/ABI incompatible to 1.0.2 so that upgrading to 1.1.0 leads a major version up of Node.

I think there are 3 options to go for node-v0.12

• Change the date of LTS support of node-v0.12 to 2016-12-31 to meet openssl-1.0.1.
• Upgrade openssl of node-v0.12 to 1.0.2 which has API/ABI compatible to 1.0.1.
• Accept 3 months support blank.

Thoughts?

[bnoordhuis]

Resolution from today's LTS meeting:

• For v0.12, shorten support by three months to coincide with openssl 1.0.1's EOL.
• For next+1, upgrade to openssl 1.1.0 as soon as it's available.

Closing, resolved.