Hi, Personally I'm in favour of following the openssl point updates and I'd like to add an additional data point to the discussion:
CVE-2015-3196 was already fixed as a plain bugfix in an earlier point release, but the security impact was only noticed later on, so following the point updates would have fixed this bug five months ago. (http://www.openssl.org/news/secadv/20151203.txt for details) Cheers, Moritz
