From owner-freebsd-questions@FreeBSD.ORG Tue Apr 11 13:25:26 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1B5E716A466 for ; Tue, 11 Apr 2006 13:25:26 +0000 (UTC) (envelope-from xfb52@dial.pipex.com) Received: from smtp-out5.blueyonder.co.uk (smtp-out5.blueyonder.co.uk [195.188.213.8]) by mx1.FreeBSD.org (Postfix) with ESMTP id D73DC4432B for ; Tue, 11 Apr 2006 13:25:22 +0000 (GMT) (envelope-from xfb52@dial.pipex.com) Received: from [172.23.170.147] (helo=anti-virus03-10) by smtp-out5.blueyonder.co.uk with smtp (Exim 4.52) id 1FTIrx-0000K8-FE; Tue, 11 Apr 2006 14:25:21 +0100 Received: from [80.192.25.195] (helo=[192.168.0.2]) by asmtp-out6.blueyonder.co.uk with esmtp (Exim 4.52) id 1FTIrw-0002Uf-V1; Tue, 11 Apr 2006 14:25:21 +0100 Message-ID: <443BAE40.9050704@dial.pipex.com> Date: Tue, 11 Apr 2006 14:25:20 +0100 From: Alex Zbyslaw User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-GB; rv:1.7.12) Gecko/20060305 X-Accept-Language: en MIME-Version: 1.0 To: freebsd-questions@freebsd.org References: <000701c65d67$28a9d030$dededede@avalon.lan> In-Reply-To: <000701c65d67$28a9d030$dededede@avalon.lan> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: upcoming release 6.1: old version of some core components X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Apr 2006 13:25:26 -0000 No@SPAM@mgEDV.net wrote: >during testing the 6.1-BETA4 i found only one major thing >i really like to discuss on the list for my understanding. > >why are some major parts of the os are not updated to the >current versions (see examples beyond)? code-improvements >and security-/functionality-fixes come to my mind here. > >examples given: >zlib (v1.2.2, 10/2004; current 1.2.3, 07/2005) >openssl (v0.9.7e, 10/2004; current 0.9.7i, 10/2005) >openssh (v4.2p1, 01/2005, current 4.3p2 02/2006) > >for openssh, the code-freeze of freebsd was before the >release of 4.3, this makes sense, but what about the rest? > > > I can't answer you main question, but I would say that you can bet your shirt on the fact that there will be no known security issues in the older packages. At least for openssl and openssh you can get latest versions through the ports. Not an option for everything -- I see no zlib for example and I don't believe there's a standard cvs port either. --Alex