> Since the main goal of OpenBSD is security, I keep wondering about one 
> thing.
> There are packages like irssi or Thunderbird that should be updated to 
> the newest upstream version.

These two sentences don't make sense together.  You equate "update
update" with security.

That doesn't make sense.  Replacing the pigs with newer versions isn't
security work.  It is simply grunt work.

This project's focus is on building new security features into a
complete operating system, and still allow the junk to run.  For a few
of us that mission is important, for other people it is less
important.

> For example irssi's upstream encourages all users to upgrade to the 
> newest one, see:
> https://irssi.org/2017/07/07/irssi-1.0.4-released/
> 
> Similar situation with Chromium etc. All of those packages exist in 
> newer versions in -current, but it's not an option in my case.
> 
> I understand that -stable is not the place for the latest packages available 
> and it's expected to be rock solid, but also secure.

Well the options are: Get involved and do the work, or watch.

There are lots of keyboards, but too many monkeys work on drafts of
Shakespeare and too few are working on making software better.

Of course, I should add a caveat that it is my impression that the
"update! update!" treadmill is ridiculous, and for every bug fixed in
upstream software, new features+complexities result in the addition of new
bugs, for that reason in particular I don't work in that area but
instead focus on building a cleaner kernel+library infrastructure so
that high-level errors hopefully don't compound as dangerously.

BTW, the real estate board of your country would like to remind you
that you probably live in an old house, and should upgrade...


> So I wonder what is the policy in situation when updating to the newer 
> upstream version is more than recommended due to security reasons.

There is no policy.  The ports area of the tree consists of genuine
people who end up having to do all the work -- since the space and
workload is so huge, it should not be surprising when they are
selective about which things they consider most crucial and do first.

Perhaps that is the nugget you seek.
