Hello Gert > Sent: Friday, June 23, 2023 at 2:09 PM > From: "Gert Doering" <g...@greenie.muc.de> > To: "Stella Ashburne" <rewe...@gmx.com> > Cc: openvpn-users@lists.sourceforge.net > Subject: Re: [Openvpn-users] Request: A *.deb package for OpenVPN 2.5.9 on > Debian 12/Bookworm > > > Why would you want that, when bookworm ships with OpenVPN 2.6.2? > > gert
I just checked and found that Debian Bookworm's version of OpenVPN is 2.6.3-1. It is not yet updated to 2.6.4 (According to https://github.com/OpenVPN/openvpn/blob/v2.6.4/Changes.rst, version 2.6.4 provides some fixes to bugs discovered in 2.6.3) Secondly, I find that the pace with which the minor versions of 2.6 series is released to be too fast. It just takes about five months for 2.6.0 to reach 2.6.5. OpenVPN is a privacy-focused software and I fear there is insufficient time to uncover bugs and security vulnerabilities. I know there is this novel technology called DCO (data channel offload). Without enough time for it to prove itself that it is safe and secure for us to use, we end-users might unwittingly offload our sensitive data to the channels operated by state-sponsored hackers and cyber criminals. When this happens, DCO would become the butt of jokes among OpenVPN users. Let's compare the length of time taken to release 2.5.9 to that of version 2.6.5. Version 2.5.0 was released on 28 October 2020 and the final version 2.5.9 was released about two years and four months later. There was sufficient time for bugs and security vulnerabilities to be uncovered and patched. Thirdly, most commercial VPN service providers might not be keen to upgrade their OpenVPN versions to the 2.6 series due to stability concerns and the impact of the latter on their businesses. Best regards. Stella _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
