From: Marian Hettwer [mailto:[EMAIL PROTECTED]
> OpenBSD is secure in many ways, but if the third party app has a
> security flaw and released a bugfix, I'd like to see an
> updated package
> / port too.
> Otherwise I would need to compile the bugfixed version from source,
> which doesn't make sense at all.
> So I need to be a ports commiter or something, right? :)
Yes, it is true that in the face of a security or major other bug fix for an
app that an update should be timely as well. Thing is, most of the time,
absolutely critical updates are released for ports pretty quickly; obviously
a lot of this depends on popularity of the port itself, but somewhat on the
responsiveness of the port maintainer too. However, it needs to be clearly
understood that a lag in versions on a third party app doesn't reflect on
the OS project. 3rd party apps are largely maintained by third parties. And,
the user base can just as easily contact the port maintainer to send in a
patch for a version bump too.
I already know the next argument. "OpenBSD doesn't provide critical updates
to packages as quickly as ${YOUR_LINUX_DISTRO_HERE}." I've used enough
popular distros myself to know that I _have_ had to sit around for days
using a self-built source version while I wait for the distro vendor to
produce an updated package. Resource constraints exist everywhere; no one is
on top of everything, all of the time.
DS
