From owner-freebsd-questions@FreeBSD.ORG Tue Apr 11 13:15:33 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 74D8D16A402 for ; Tue, 11 Apr 2006 13:15:33 +0000 (UTC) (envelope-from wmoran@collaborativefusion.com) Received: from mx00.pub.collaborativefusion.com (mx00.pub.collaborativefusion.com [206.210.89.199]) by mx1.FreeBSD.org (Postfix) with ESMTP id 10A94442FE for ; Tue, 11 Apr 2006 13:15:32 +0000 (GMT) (envelope-from wmoran@collaborativefusion.com) Received: from vanquish.pgh.priv.collaborativefusion.com (vanquish.pgh.priv.collaborativefusion.com [192.168.2.61]) by wingspan with esmtp; Tue, 11 Apr 2006 09:15:32 -0400 id 00056407.443BABF4.00009EEC Date: Tue, 11 Apr 2006 09:15:32 -0400 From: Bill Moran To: freebsd-questions@freebsd.org Message-Id: <20060411091532.44148ccb.wmoran@collaborativefusion.com> In-Reply-To: <000701c65d67$28a9d030$dededede@avalon.lan> References: <000701c65d67$28a9d030$dededede@avalon.lan> Organization: Collaborative Fusion X-Mailer: Sylpheed version 2.2.0 (GTK+ 2.8.12; i386-portbld-freebsd6.0) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: Re: upcoming release 6.1: old version of some core components X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Apr 2006 13:15:33 -0000 On Tue, 11 Apr 2006 14:55:06 +0200 "No@SPAM@mgEDV.net" wrote: > > hi together, > > during testing the 6.1-BETA4 i found only one major thing > i really like to discuss on the list for my understanding. > > why are some major parts of the os are not updated to the > current versions (see examples beyond)? code-improvements > and security-/functionality-fixes come to my mind here. > > examples given: > zlib (v1.2.2, 10/2004; current 1.2.3, 07/2005) > openssl (v0.9.7e, 10/2004; current 0.9.7i, 10/2005) > openssh (v4.2p1, 01/2005, current 4.3p2 02/2006) > > for openssh, the code-freeze of freebsd was before the > release of 4.3, this makes sense, but what about the rest? While you'd have to contact the maintainers of the specific packages, I assume that you mostly answered your own question. There are limited resources to develop FreeBSD, and a large number of contributed packages that have to be maintained. Each time a contrib is updated, it must be thoroughly tested before being merged into a production release. This takes man hours. Do you know of any specific security issues that have not been addressed relating to these packages? If so, you should contact the security officer directly to get the issues on the top of the priority list. If it's just feature improvements, then it will be a matter of who has enough time and motivation to get the new versions imported. OpenSSL is a non-trivial part of FreeBSD, so upgrading is not something to be taken lightly. Regardless, it would be worthwhile for you to see if there is an outstanding PR and file one if there isn't. Sometimes developers get so busy that they don't notice that software is getting old. -- Bill Moran Collaborative Fusion Inc.