From owner-freebsd-questions@FreeBSD.ORG Wed Apr 12 19:07:49 2006
To: freebsd-questions@freebsd.org
From: martinko
Date: Wed, 12 Apr 2006 21:07:11 +0200
Subject: Re: upcoming release 6.1: old version of some core components

Kris Kennaway wrote:
> On Wed, Apr 12, 2006 at 08:42:44PM +0200, martinko wrote:
>
>>Kris Kennaway wrote:
>>
>>>On Tue, Apr 11, 2006 at 05:46:06PM +0200, No@SPAM@mgEDV.net wrote:
>>>
>>>>>I can't answer your main question, but I would say that you can bet your
>>>>>shirt on the fact that there will be no known security issues in the
>>>>>older packages.
>>>>
>>>>>At least for openssl and openssh you can get latest versions through the
>>>>>ports. Not an option for everything -- I see no zlib for example and I
>>>>>don't believe there's a standard cvs port either.
>>>>
>>>>as for zlib i definitely know, that there are 2 security flaws, which can
>>>>lead to problems when invalid compressed data is fed.
>>>
>>>Already fixed as soon as they were published. Are there other reasons
>>>to upgrade?
>>>
>>>>my problem also is not the installation of ports/packages/custom compiles,
>>>>it's more that the operating system components themselves are linked against
>>>>these older libraries and therefore will contain bugs, which may have been
>>>>already solved.
>>>
>>>The other side of this is that newer versions are often incompatible
>>>(OpenSSL, I'm looking at you), which rules out upgrading the version
>>>in a FreeBSD-STABLE branch since it ruins binary compatibility.
>>>
>>>Kris
>>
>>one may wonder why they change very minor version number/letter only, if
>>the changes are so disturbing..
>
> It's more that they don't have the foresight and discipline not to
> keep breaking interfaces. This may have changed recently, but I think
> their policy is still "until we release openssl 1.0 we make no
> promises about compatibility".
>
> Kris

and it feels they're not going to release 1.0 any time soon..
i've been seeing 0.9.something for longer than i can remember.

and btw i've always thought of openssl and openssh as somehow
coupled/interconnected.
but openssl hasn't reached 1.0 while openssh is already past 4.
(and again it seems to me openssh changes major numbers not according to
major changes but whenever its version reaches x.9.)
funny.