From owner-freebsd-questions@FreeBSD.ORG Tue Apr 11 15:46:05 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0B9C716A406 for ; Tue, 11 Apr 2006 15:46:05 +0000 (UTC) (envelope-from nospam@mgedv.net) Received: from mgedv.at (mail.mgedv.at [195.3.87.103]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9DB7E43D48 for ; Tue, 11 Apr 2006 15:46:03 +0000 (GMT) (envelope-from nospam@mgedv.net) Received: from metis (localhost [127.0.0.1]) by mgedv.at (SMTPServer) with ESMTP id 42AD5186864 for ; Tue, 11 Apr 2006 17:46:02 +0200 (MEST) From: "No@SPAM@mgEDV.net" To: Date: Tue, 11 Apr 2006 17:46:06 +0200 Message-ID: <001301c65d7f$0b9dab70$dededede@avalon.lan> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook 11 In-Reply-To: <443BAE40.9050704@dial.pipex.com> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 thread-index: AcZda616Hn0l1mrMSRuXZVsHoUs+LwAEiLhA Subject: RE: upcoming release 6.1: old version of some core components X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: nospam@mgedv.net List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Apr 2006 15:46:05 -0000 > I can't answer you main question, but I would say that you can bet your >shirt on the fact that there will be no known security issues in the > older packages. > At least for openssl and openssh you can get latest versions through the > ports. Not an option for everything -- I see no zlib for example and I > don't believe there's a standard cvs port either. as for zlib i definitely know, that there are 2 security flaws, which can lead to problems when invalid compressed data is feeded. my problem also is not the installation of ports/packages/custom compiles, it's more that the operating system components itself are linked against these older libraries an therefore will contain bugs, which may have been already solved. i definitely don't want to install openssl twice on the same host, as this make's no sense for me. if the os operates with the old version, security is at that level at all, regardless of one or another userland-daemon having a newer version being linked to. whatever, i will use freebsd anyways, regardless of my main question getting answered or not ;-) br & cu...