On Tue, 11 Apr 2006 14:55:06 +0200
"[EMAIL PROTECTED]@mgEDV.net" <[EMAIL PROTECTED]> wrote:
> 
> hi together,
> 
> during testing the 6.1-BETA4 i found only one major thing
> i really like to discuss on the list for my understanding.
> 
> why are some major parts of the os are not updated to the
> current versions (see examples beyond)? code-improvements
> and security-/functionality-fixes come to my mind here.
> 
> examples given:
> zlib (v1.2.2, 10/2004; current 1.2.3, 07/2005)
> openssl (v0.9.7e, 10/2004; current 0.9.7i, 10/2005)
> openssh (v4.2p1, 01/2005, current 4.3p2 02/2006)
> 
> for openssh, the code-freeze of freebsd was before the
> release of 4.3, this makes sense, but what about the rest?

While you'd have to contact the maintainers of the specific packages,
I assume that you mostly answered your own question.

There are limited resources to develop FreeBSD, and a large number of
contributed packages that have to be maintained.  Each time a contrib
is updated, it must be thoroughly tested before being merged into a
production release.  This takes man hours.

Do you know of any specific security issues that have not been addressed
relating to these packages?  If so, you should contact the security
officer directly to get the issues on the top of the priority list.
If it's just feature improvements, then it will be a matter of who has
enough time and motivation to get the new versions imported.  OpenSSL
is a non-trivial part of FreeBSD, so upgrading is not something to be
taken lightly.

Regardless, it would be worthwhile for you to see if there is an
outstanding PR and file one if there isn't.  Sometimes developers get
so busy that they don't notice that software is getting old.

-- 
Bill Moran
Collaborative Fusion Inc.
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to