On Jun 7, 11:00pm, woods@weird.com ("Greg A. Woods") wrote:
-- Subject: Re: bin/31120 (update openssl in 3beta)

|  That seems like a very much less than ideal approach to maintenance.
|  
|  People will no doubt be running systems built from the NetBSD-3 branch
|  in production for years yet to come, and for something as central to
|  many security-related applications as OpenSSL is, it would seem
|  important to keep it as up to date as possible in _all_ supported
|  branches.

Greg, what version is running on 3.0? Are there any known vulnerabilities
against it? The problem is that openssl is such a large package, and it
affects other things (ssh), so we have to weigh the risk/benefit of the
upgrade.

christos