OpenSSL version 0.9.7e ?!

To: debian-user <debian-user@lists.debian.org>
Subject: OpenSSL version 0.9.7e ?!
From: "Nicolas Pillot" <nicolas.pillot@gmail.com>
Date: Wed, 15 Nov 2006 17:36:54 +0100
Message-id: <[🔎] 9f76a5860611150836q33811e26y198e795b704f2ede@mail.gmail.com>

I had a strong *shrug* when i noticed that my stable system
(originally woody, upgraded to sarge without kernel change) still had
OpenSSL version 0.9.7e installed, despite a dayly dist-upgrade.

After looking at debian's sarge repository, i saw that the most up to
date package is 0.9.7e-3sarge4, which i have (0.9.7 dates back from
2004). My question is, why on earth don't we have a newer version ?

I counted about 12 different releases, either 0.9.7- or 0.9.8-based,
each including security fixes. I could understand the will not to
upgrade to 0.9.8, but i count 7 more recent 0.9.7 versions (up to
0.9.7L version, and the stable debian package build version is -4...

Even with a backport of the security fixes, i can't guess how the ssl
pacakge i have 0.9.7e-3sarge4 could be the most up-to-date one
(security wise).

I though that all the security fixes were included into sarge, am i wrong ?
If someone could give me some details, i'd be quite happy to learn :-)

--
Nicolas Pillot (nicolas.pillot@gmail.com)

Reply to:

Follow-Ups:
- Re: OpenSSL version 0.9.7e ?!
  - From: "Nicolas Pillot" <nicolas.pillot@gmail.com>
- Re: OpenSSL version 0.9.7e ?!
  - From: "Kevin B. McCarty" <kmccarty@Princeton.EDU>

Prev by Date: Re: Need to remove a ghost file, but can't because it doesn't exist
Next by Date: Daemon with nice 19
Previous by thread: Re: Re: Need to remove a ghost file, but can't because it doesn't exist
Next by thread: Re: OpenSSL version 0.9.7e ?!
Index(es):
- Date
- Thread