upcoming release 6.1: old version of some core components

Bill Moran wmoran at collaborativefusion.com
Tue Apr 11 13:15:33 UTC 2006

On Tue, 11 Apr 2006 14:55:06 +0200
"No at SPAM@mgEDV.net" <nospam at mgedv.net> wrote:
> hi together,
> during testing the 6.1-BETA4 i found only one major thing
> i really like to discuss on the list for my understanding.
> why are some major parts of the os are not updated to the
> current versions (see examples beyond)? code-improvements
> and security-/functionality-fixes come to my mind here.
> examples given:
> zlib (v1.2.2, 10/2004; current 1.2.3, 07/2005)
> openssl (v0.9.7e, 10/2004; current 0.9.7i, 10/2005)
> openssh (v4.2p1, 01/2005, current 4.3p2 02/2006)
> for openssh, the code-freeze of freebsd was before the
> release of 4.3, this makes sense, but what about the rest?

While you'd have to contact the maintainers of the specific packages,
I assume that you mostly answered your own question.

There are limited resources to develop FreeBSD, and a large number of
contributed packages that have to be maintained.  Each time a contrib
is updated, it must be thoroughly tested before being merged into a
production release.  This takes man hours.

Do you know of any specific security issues that have not been addressed
relating to these packages?  If so, you should contact the security
officer directly to get the issues on the top of the priority list.
If it's just feature improvements, then it will be a matter of who has
enough time and motivation to get the new versions imported.  OpenSSL
is a non-trivial part of FreeBSD, so upgrading is not something to be
taken lightly.

Regardless, it would be worthwhile for you to see if there is an
outstanding PR and file one if there isn't.  Sometimes developers get
so busy that they don't notice that software is getting old.

Bill Moran
Collaborative Fusion Inc.

More information about the freebsd-questions mailing list