upcoming release 6.1: old version of some core components

Kris Kennaway kris at obsecurity.org
Wed Apr 12 18:48:53 UTC 2006


On Wed, Apr 12, 2006 at 08:42:44PM +0200, martinko wrote:
> Kris Kennaway wrote:
> > On Tue, Apr 11, 2006 at 05:46:06PM +0200, No at SPAM@mgEDV.net wrote:
> > 
> >> 
> >>
> >>>I can't answer your main question, but I would say that you can bet your 
> >>>shirt on the fact that there will be no known security issues in the 
> >>>older packages.
> >>
> >>>At least for openssl and openssh you can get latest versions through the 
> >>>ports.  Not an option for everything -- I see no zlib for example and I 
> >>>don't believe there's a standard cvs port either.
> >>
> >>as for zlib I definitely know that there are 2 security flaws, which can
> >>lead to problems when invalid compressed data is fed.
> > 
> > 
> > Already fixed as soon as they were published.  Are there other reasons
> > to upgrade?
> > 
> > 
> >>my problem also is not the installation of ports/packages/custom compiles,
> >>it's more that the operating system components themselves are linked against
> >>these older libraries and therefore will contain bugs, which may have been
> >>already solved.
> > 
> > 
> > The other side of this is that newer versions are often incompatible
> > (OpenSSL, I'm looking at you), which rules out upgrading the version
> > in a FreeBSD-STABLE branch since it ruins binary compatibility.
> > 
> > Kris
> 
> one may wonder why they change very minor version number/letter only, if
> the changes are so disturbing..

It's more that they don't have the foresight and discipline not to
keep breaking interfaces.  This may have changed recently, but I think
their policy is still "until we release openssl 1.0 we make no
promises about compatibility".

Kris

More information about the freebsd-questions mailing list