> I don't know either. > That is what I am asking. I'm not going to spend more time investigating a bug fix in zlib made 15 years ago. If that's what your policy is, then we have provided plentiful pointers for you to do so.
> Yes, you keep saying we should just throw the new code in, and you keep not explaining what the actual problem is. You keep paraphrasing me: I didn't say "throw the new code in". You complained it was "pages and pages", but I have linked to what the problem is and what the fix was. That is not the same as me "not explaining what the problem is". You keep asking me to spend even more time on this, and not recognizing that we have already sunk time into this. > It is NOT 16 years old. You keep saying that. There is a different development process involved here which has upsides and downsides and which I don't expect you will understand. That's right. I don't understand. Could you explain it then, or point me to a document that explains what your development process is? Putting two and two together, it seems that it is 16 years plus a bunch of cherry picked bug fixes backported over a very many years. If that's what you do, whilst I understand that can make some sense to keep patching say 5 year old libraries, at some point it becomes too old and too risky. Matt On Thu, Jun 24, 2021 at 7:27 PM Theo de Raadt <dera...@openbsd.org> wrote: > Matt Dowle <mattjdo...@gmail.com> wrote: > > > Theo, > > > > > Instead, we got pages and pages that summarize to "must > > update", and doesn't explain what the bug is or what the fix is. > > > > > If only we had an explanation of what is actually wrong and needs > fixing > > > > We know it was this news item from 1.2.3.1 (released 16 August 2006) > > https://zlib.net/ChangeLog.txt : > > - Take into account wrapper variations in deflateBound() > > but I don't know which commit that was. > > I don't know either. > > That is what I am asking. > > But you don't know and keep repeating: > > > Yes it would be appreciated if OpenBSD upgraded to zlib 1.2.11 which at > 4 years old > > seems reasonably old. Using a 16-year old version of a library such as > zlib, however, > > seems too old to me: at that age it's starting to become unreasonable to > expect other > > open-source maintainers such as myself to support. > > Yes, you keep saying we should just throw the new code in, and you keep > not explaining what the actual problem is. > > It is NOT 16 years old. You keep saying that. There is a different > development > process involved here which has upsides and downsides and which I don't > expect > you will understand. >
