did i ever mention "i love communities!" ;-) 
well, 1st of all, thx 2 all the people who gave it a whirl and
went deeper into cvs as i would ever do (i'm definitely not a
dev ;-), btw. that was my reason for asking this on the list )

2nd, the thing alex brought up is very confusing, because it
seems, that security fixes which are related to zlib 1.2.3 have
been applied to 1.2.2#FREEBSD-VERSION and the rest (?whatever it
is?) of the changes have not been applied (if the're any).
from my point of view (compatibility and transparence come to my
mind) shouldn't be the code as close as possible to the original
developed code for any library?
ok, we could discuss libjpeg here, but zlib should be a standard,
and it seems for some guys it's easier to implement the fixes instead
of upgrading to the new version.
i'm again sure, that the maintainer of fbsd-zlib knows why, but
to an "not-so-deep-in-c" guy like me, it's still confusing.
with openssl even i had problems replacing one version with another,
but looking at the security, i try to stay with some more or less
current version.

finally, for the userland stuff (goes into jails anyway, so no interference
with the os at all) i'll compile/get packages with newer versions, and
the os (hell, if someone is possible to insert malicious compressed
streams on my os, he can have the box at all ;-) ) stay's with the standards
being delivered with the release/stable versions.

does this sound smart for you?

ps: i had to stop writing this 3 times because of some odd customer,
please forgive some stupid wording in here ;-)

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to