[mariana]

What Debian released is an stable distribution that is going to be maintained for the next 3 or 4 years. It is better to release something stable and well tested than bleeding edge stuff.

Many people don't get Debian. This is a released aimed for servers and stable workstations. If you want or need bleeding edge stuff you can use Debian testing/unstable or Ubuntu as you suggested.

[_delirium]

There also wasn't a lot of time before the freeze--- OpenSSL 1.0.0 was released on March 29, and the Debian "Squeeze" freeze was August 6. Dropping in a new version of OpenSSL four months before the freeze wasn't considered prudent. Even if OpenSSL itself could be tested in that time and considered rock-solid (probably possible), a lot of different packages depend on / link with OpenSSL, and linking them with a new version might expose subtle bugs or incompatibilities in those apps, which you'd want some time to notice/debug/fix, especially since it might require waiting on upstream developers to debug/fix things in their apps.

Post-release, OpenSSL 1.0.0 will now be migrated to unstable, and then any problems that causes or exposes can be found and fixed on a more generous schedule.

[sigzero]

I agree. I use Debian not because it has the bleeding edge but because they have the most stable versions and they care about that. I love their system.