wireguard.lists.zx2c4.com archive mirror
 help / color / mirror / Atom feed
From: Andrew Fried <afried@spamteq.com>
To: wireguard@lists.zx2c4.com
Subject: Re: Should we sunset Windows 7 support?
Date: Tue, 10 Nov 2020 17:38:19 +0000	[thread overview]
Message-ID: <K17360-33.1605029899@spamhaus.org> (raw)
In-Reply-To: <CAHmME9rW1e+rRc8q+-_eLR=U9OTn+Sn84ECJtGFY=Hjg8kzfEQ@mail.gmail.com>

We recently began deploying clusters of recursive DNS "firewalls" that
use wireguard to secure and authenticate all traffic between the client
and servers.   What we quickly learned was that virtually the entire
customer base in India uses Windows 7 almost exclusively.

I can certainly understand the desire to streamline development and
focus on current versions of client operating systems, but by
deprecating support for Windows 7 you would be reducing the number of
potential Wireguard deployments by hundreds of millions of users,
particularly in Asian and underpopulated communities in Africa.  Most of
the end users there simply can't afford the cost of updating to the
latest version of Windows.  I personally wish this were not the case,
but it is what it is.

Andrew

On 11/10/20 7:27 AM, Jason A. Donenfeld wrote:
> Hi,
>
> Windows 7 has been EOL'd by Microsoft since January of this year. It
> is no longer receiving security updates or fixes. This email is to get
> the conversation started about doing the same with WireGuard for
> Windows.
>
> Supporting Windows 7 is an ongoing maintenance burden. For example, we
> use SHA2 signatures instead of SHA1 signatures for our drivers, which
> is not something we want to compromise on, and as a result Windows 7
> users must have KB2921916 installed. But Microsoft never supplied
> KB2921916 via Windows Update and it removed all Windows 7 hotfixes
> from its webpage last year. So in order to keep supporting this, we're
> forced to add clunky disgusting code like this:
> https://git.zx2c4.com/wireguard-windows/commit/?id=b63957dc830e39c94844d2f0d32ba29575991e44
> Keen readers will wince at all the layering violations there. Do we
> really want to keep maintaining gross stuff like this? It makes me
> uncomfortable to have kludges like that sitting around in the code.
> Shouldn't I write an auto-downloader that then checks hashes?
> Shouldn't I build this into the installer? Shouldn't I.... waste tons
> of time supporting Windows 7 better?
>
> Probably not.
>
> But I know so many users are still using Windows 7. I'd like to hear
> from you to understand why, in order to assess when is the right
> moment to sunset our Windows 7 support.
>
> So, if you care for Windows 7, please pipe up! We're not going to
> remove support for it overnight, and we're not prepared yet to
> announce any sort of formal deprecation plan, but the world is moving
> on at some point.
>
> Jason

-- 
Andrew Fried
afried@spamteq.com



  parent reply	other threads:[~2020-11-12  8:29 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-11-10 12:27 Should we sunset Windows 7 support? Jason A. Donenfeld
2020-11-10 12:47 ` Laslo Hunhold
2020-11-10 12:56   ` samuel.progin
2020-11-10 13:06     ` Jason A. Donenfeld
2020-11-10 12:57 ` Isaac Boukris
2020-11-10 15:06 ` Reiner Karlsberg
2020-11-12  8:34   ` Jason A. Donenfeld
2020-11-12  9:13     ` Roman Mamedov
2020-11-10 17:38 ` Andrew Fried [this message]
2020-11-12  8:38   ` Jason A. Donenfeld
2020-11-12  8:46     ` Phillip McMahon
2020-11-12  8:50       ` Jason A. Donenfeld
2020-11-12  9:03       ` Berge Schwebs Bjørlo
2020-11-13  2:56         ` Jeffrey Walton
2020-11-19 16:59           ` Jason A. Donenfeld
2020-11-19 17:16             ` akloster
2021-10-07 23:35             ` Jason A. Donenfeld
2020-11-12 21:56   ` Panagiotis Kalogiratos
2020-11-12 17:38 ` Jeffrey Walton
2020-11-12 17:42   ` Phillip McMahon
2020-11-12 18:11   ` Neal Gompa

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=K17360-33.1605029899@spamhaus.org \
    --to=afried@spamteq.com \
    --cc=wireguard@lists.zx2c4.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).