Re: [arch-general] out of date packages - an observation
On Wed, Sep 07, 2016 at 11:51:20AM -0400, Genes Lists via arch-general wrote: > openssl - Arch has 1.0.2.h - Out of date as of 8/25/2016 > - 1.1.0 was released upstream on 8/25/2016 This one is a most difficult case. a) 1.0.2.h is still a supported LTS release, so in terms of security this is not a huge problem. b) Even if a program compiles against 1.1.0, it still needs to be verified if that program has been updated for 1.1.0 because of subtle API breakage (functions behaving differently, suddenly returning values that need to be checked, etc). c) Even Some major software packages do not support 1.1.0 yet [1]. In the light of the latter two points, a number of packages using OpenSSL needs to be reviewed carefully. I'm sure the package maintainer is aware of this, so some waiting is inevitable and understandable. -- [1] https://bugs.python.org/issue26470
[arch-general] out of date packages - an observation
After the recent dicsussion(s) around this topic I thought it worthwhile to go through where things stand. I went through all the packages flagged out of date on the website and focused on what I viewed as the "more important" ones (this is IMHO of course ... I'm sure others have differnt views). Regardless of how out of date a package is, if a new package was in testing I did not include it here. Of those that passed my sufficiently important filter: I found only 2 packages more than 1 week old and 3 less than a week - 2 of which were released upstream today. One is more than 9 months out of date (refind-efi). Here's what I found orderd most out of date at the top.. refind-efi - Arch vesion 0.9.2 as of 9/22/2015 - Upstream has 0.10.3 from 4/24/2016 - this one is very out of date - - be good to have this updated. openssl - Arch has 1.0.2.h - Out of date as of 8/25/2016 - 1.1.0 was released upstream on 8/25/2016 dkms - Out of date as of 9/1/2016 - Arch Package website refers to dell.com should be changed to https://github.com/dell/ util-linux - 2.28.2 was released today - - arch has 2.28.1 released 8/11/2016 linux - 4.7.3 is out of date as of today -- Gene li...@sapience.com