upcoming release 6.1: old version of some core components
tedm at toybox.placo.com
Wed Apr 12 20:45:22 UTC 2006
>From: owner-freebsd-questions at freebsd.org
>[mailto:owner-freebsd-questions at freebsd.org]On Behalf Of
>No at SPAM@mgEDV.net
>Sent: Wednesday, April 12, 2006 4:00 AM
>To: freebsd-questions at freebsd.org
>Subject: RE: upcoming release 6.1: old version of some core components
>did i ever mention "i love communities!" ;-)
>well, 1st of all, thx 2 all the people who gave it a whirl and
>went deeper into cvs as i would ever do (i'm definitely not a
>dev ;-), btw. that was my reason for asking this on the list )
>2nd, the thing alex brought up is very confusing, because it
>seems, that security fixes which are related to zlib 1.2.3 have
>been applied to 1.2.2#FREEBSD-VERSION and the rest (?whatever it
>is?) of the changes have not been applied (if the're any).
Maybe, maybe not.
>from my point of view (compatibility and transparence come to my
>mind) shouldn't be the code as close as possible to the original
>developed code for any library?
This is a complex answer. There are pros and cons.
First, with zlib that library is used by other programs in the system.
That library and those other programs all exist for one reason - so
the user does not have to go to the trouble of downloading and
installing them. But they don't have to be there - for example Solaris
ships with a lot of these libraries and programs missing.
As such the users are primariarly concerned with whether they can run
a command at the prompt in an out-of-the-box installation and have
it work and be secure. Most of them aren't going to be compiling
they are going to want all of it done for them when they install the
system. So they don't care about new features or whatever in zlib
they just care that it works.
>ok, we could discuss libjpeg here, but zlib should be a standard,
>and it seems for some guys it's easier to implement the fixes instead
>of upgrading to the new version.
>i'm again sure, that the maintainer of fbsd-zlib knows why,
Right, it is to best support the kinds of users I mentioned above.
applying the patch instead of reving up the software has less chance
of causing side effects if the patch is small.
Where the problem comes in is when the user wants to start
compiling software on his system that isn't in the ports.
More information about the freebsd-questions