Date: Sat, 3 Mar 2012 15:10:53 +0000 From: RW <rwmaillists@googlemail.com> To: freebsd-questions@freebsd.org Subject: Re: openssl from ports Message-ID: <20120303151053.6dbe3d68@gumby.homeunix.com> In-Reply-To: <20120303083141.1975c60c@scorpio> References: <86fwdqvf2x.fsf@red.stonehenge.com> <20120302171631.775dd715@scorpio> <867gz2vdtg.fsf@red.stonehenge.com> <20120302182156.58c10d82@scorpio> <4F515B24.9050406@infracaninophile.co.uk> <20120303071958.0c963330@scorpio> <4F52134E.1090408@infracaninophile.co.uk> <20120303083141.1975c60c@scorpio>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 3 Mar 2012 08:31:41 -0500 Jerry wrote: > On Sat, 03 Mar 2012 12:49:18 +0000 > Matthew Seaman articulated: > > > Unfortunately I can't answer that. I'm not in any position to > > decide such things. > > > > However I can hazard a guess at some of the possible reasons: > > > > * openssl API changes between 0.9.x and 1.0.0 mean updating the > > shlibs is not a trivial operation, and it was judged that the > > benefits obtained from updating did not justify the effort. > > > > * no one had any time to import the new version. There's plenty > > of security-critical stuff depending on openssl, and making sure all > > of that didn't suffer from any regressions is not a trivial > > job. > Thanks Matthew. Personally, I have my own take on the matter. > Regarding your first two possibility, I believe the problem can be > directly traced to "procrastination". At some point in time, there > will come the need to update the base system's OPENSSL version. > Procrastination only doubles the work you have to do tomorrow. In general skipping versions and letting the more gung-ho linux distributions knock the bugs out doesn't double the work. > It > reminds me of what a college professor once told me, "There is never > enough time to do it right, but there is always enough time to do it > over." Sad but true. I would interpret this in completely the opposite way. This is an argument for using mature software, keeping it well patched and updating only when the case for updating justifies the effort of doing it properly.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120303151053.6dbe3d68>