openssl from ports

RW rwmaillists at googlemail.com
Sat Mar 3 15:11:04 UTC 2012


On Sat, 3 Mar 2012 08:31:41 -0500
Jerry wrote:

> On Sat, 03 Mar 2012 12:49:18 +0000
> Matthew Seaman articulated:
> 
> > Unfortunately I can't answer that.  I'm not in any position to
> > decide such things.
> > 
> > However I can hazard a guess at some of the possible reasons:
> > 
> >    * openssl API changes between 0.9.x and 1.0.0 mean updating the
> >      shlibs is not a trivial operation, and it was judged that the
> >      benefits obtained from updating did not justify the effort.
> > 
> >    * no one had any time to import the new version.  There's plenty
> >      of security-critical stuff depending on openssl, and making sure
> >      all of that didn't suffer from any regressions is not a trivial
> >      job.

> Thanks Matthew. Personally, I have my own take on the matter.
> Regarding your first two possibilities, I believe the problem can be
> directly traced to "procrastination". At some point in time, there
> will come the need to update the base system's OPENSSL version.
> Procrastination only doubles the work you have to do tomorrow. 

In general skipping versions and letting the more gung-ho Linux
distributions knock the bugs out doesn't double the work.

> It
> reminds me of what a college professor once told me, "There is never
> enough time to do it right, but there is always enough time to do it
> over." Sad but true.

I would interpret this in completely the opposite way. This is an
argument for using mature software, keeping it well patched and
updating only when the case for updating justifies the effort of doing
it properly.


More information about the freebsd-questions mailing list