upcoming release 6.1: old version of some core components
No at SPAM at mgEDV.net
nospam at mgedv.net
Wed Apr 12 11:00:05 UTC 2006
did i ever mention "i love communities!" ;-)
well, 1st of all, thx 2 all the people who gave it a whirl and
went deeper into cvs as i would ever do (i'm definitely not a
dev ;-), btw. that was my reason for asking this on the list )
2nd, the thing alex brought up is very confusing, because it
seems, that security fixes which are related to zlib 1.2.3 have
been applied to 1.2.2#FREEBSD-VERSION and the rest (?whatever it
is?) of the changes have not been applied (if the're any).
from my point of view (compatibility and transparence come to my
mind) shouldn't be the code as close as possible to the original
developed code for any library?
ok, we could discuss libjpeg here, but zlib should be a standard,
and it seems for some guys it's easier to implement the fixes instead
of upgrading to the new version.
i'm again sure, that the maintainer of fbsd-zlib knows why, but
to an "not-so-deep-in-c" guy like me, it's still confusing.
with openssl even i had problems replacing one version with another,
but looking at the security, i try to stay with some more or less
finally, for the userland stuff (goes into jails anyway, so no interference
with the os at all) i'll compile/get packages with newer versions, and
the os (hell, if someone is possible to insert malicious compressed
streams on my os, he can have the box at all ;-) ) stay's with the standards
being delivered with the release/stable versions.
does this sound smart for you?
ps: i had to stop writing this 3 times because of some odd customer,
please forgive some stupid wording in here ;-)
More information about the freebsd-questions