Date: Tue, 11 Apr 2006 09:15:32 -0400 From: Bill Moran <wmoran@collaborativefusion.com> To: freebsd-questions@freebsd.org Subject: Re: upcoming release 6.1: old version of some core components Message-ID: <20060411091532.44148ccb.wmoran@collaborativefusion.com> In-Reply-To: <000701c65d67$28a9d030$dededede@avalon.lan> References: <000701c65d67$28a9d030$dededede@avalon.lan>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 11 Apr 2006 14:55:06 +0200 "No@SPAM@mgEDV.net" <nospam@mgedv.net> wrote: > > hi together, > > during testing the 6.1-BETA4 i found only one major thing > i really like to discuss on the list for my understanding. > > why are some major parts of the os are not updated to the > current versions (see examples beyond)? code-improvements > and security-/functionality-fixes come to my mind here. > > examples given: > zlib (v1.2.2, 10/2004; current 1.2.3, 07/2005) > openssl (v0.9.7e, 10/2004; current 0.9.7i, 10/2005) > openssh (v4.2p1, 01/2005, current 4.3p2 02/2006) > > for openssh, the code-freeze of freebsd was before the > release of 4.3, this makes sense, but what about the rest? While you'd have to contact the maintainers of the specific packages, I assume that you mostly answered your own question. There are limited resources to develop FreeBSD, and a large number of contributed packages that have to be maintained. Each time a contrib is updated, it must be thoroughly tested before being merged into a production release. This takes man hours. Do you know of any specific security issues that have not been addressed relating to these packages? If so, you should contact the security officer directly to get the issues on the top of the priority list. If it's just feature improvements, then it will be a matter of who has enough time and motivation to get the new versions imported. OpenSSL is a non-trivial part of FreeBSD, so upgrading is not something to be taken lightly. Regardless, it would be worthwhile for you to see if there is an outstanding PR and file one if there isn't. Sometimes developers get so busy that they don't notice that software is getting old. -- Bill Moran Collaborative Fusion Inc.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060411091532.44148ccb.wmoran>