Re: Red Hat Network updates

From: Kevin Sonney (alchemist@darkcanvas.com)
Date: 03/05/03

  • Next message: Jeff Lane: "Availability of Sendmail fix"
    Date: Tue, 4 Mar 2003 22:01:03 -0500
    From: Kevin Sonney <alchemist@darkcanvas.com>
    To: focus-linux@securityfocus.com
    
    
    

    On Tue, 04 Mar 2003 12:12:42 -0600 "Steve Bremer" <steveb@nebcoinc.com>
    wrote:
    > Typically, Red Hat will back port security patches from the current
    > version of XYZ software to the version of XYZ software released with
    > their distribution. Why do they do this? If they were to package the
    > new version of XYZ software, it may have new bugs in addition to
    > the security fix. These new bugs could introduce compatibility
    > problems with the existing software on the system.

    This is exactly what Red Hat does, and why. Additionally, some
    applications, like OpenSSL, don't always maintain binary compatibility
    when going up a revision. So updating to the brand-spanking-new OpenSSL
    means that Red Hat would also have to release errata for Apache's
    mod_ssl, OpenSSH, sendmail...anything linked against OpenSSL. If they
    back-port the bugfix, testing will take less time, and require fewer
    errata packages to be released.

    In some uncommon instances, a major package can be updated without as
    much churn - like the kernel - if it's a back-port from a newer release
    (i.e. the current 7.x kernel errata is actually the 8.0 kernel
    recompiled against 7.x), and doesn't impact binary compatibility on the
    target release.

    -- 
    ----------------------------------
    --         Kevin Sonney         --
    --  ICQ: 4855069  AIM: ksonney  --
    ----------------------------------
    320C 0336 3BC4 13EC 4AEC  6AF2 525F CED7 7BB6 12C9
     Seuss is God. We thought Clapton was, but it was grumpy, weird,
     wife-dumping, flawed genius Ted. -- Berkley Breathed, 2001
    
    


