Nobody said we should do nothing, but it should be clear by this point that this total removal is going to cause a lot of problems for admins and users.
If Debian is going to be the only motivating factor for change then the pressure that causes the change will be from system admins hosting applications. These admins will *NEED* to re-enable older versions.
Companies might not listen to customers, but vendors listen to the money providers. It's rarely a fast change, though. It's usually a ticket tossed into the wishlist pile until enough people make noise.
I'm currently working on a project with a client to replace TLSv1.0 with TLSv1.2. We're hoping to have this rolled out in a lab in the next four months, but it's been a "priority" project for over two years.
It's not for lack of motivation or effort; there are a lot of interesting roll-out issues. This is when motivation to change already exists. "Some distro disabled support for it" is going to lead to vendors outright saying, "use a different distro and wait until we get around to it."
I imagine users would be more inclined to just switch to a different distribution that doesn't break their chrome/firefox/internet's. If a client came to us and said their agent broke because their OS dropped that support, our choice would be to say tough luck.
I don't think it was answered... Is there an actual reason that this needs to be handled urgently? Is TLSv1.0/v1.1 considered broken? Is there a reason there was no discussion on this list before the decision was made and pushed?
It might be the only way you know, but this list has lots of admin types that could probably help out. Perhaps you could upload a fixed openssl so we can open that discussion about what's appropriate?
I've already suggested dropping it from all default configs for a release cycle. It's not until the next release that we can assume a majority of pro-active admins will have been made aware that we(Debian) are deprecating older TLS versions.
Dropping out-of-the box support sounds like a great idea, but the back-out option needs to be easy and should be able to be toggled per-application, giving people a chance to react to this change instead of making them scramble for a patch.