| MauricioF | yes, for me... |
| g_harris | run 4.4 it's about as stable as you can get |
| Evolution | MauricioF: see the topic about backporting. |
| guigouz_ | MauricioF: centos rebuilds redaht packages. |
| MauricioF | g_harris: ok, understood |
| g_harris | 5.0 is not bad so far, I'm running it and even deploying it on 5 servers saturday if they get my software out of beta that is |
| guigouz_ | MauricioF: people at redhat backport patches for vulnerabilities to theit stable version, and keep doing that for 7 years. |
| MauricioF | guigouz_: ok! ;) |
| guigouz_ | MauricioF: that means they fix the older package, without introducing new bugs. also, your config files and other dependencies won't break. |
| MauricioF | guigouz_: good!! guigouz_: do u think that httpd 2.0.52 is ok? |
| guigouz_ | MauricioF: I only backport stuff in extreme rare cases, and it's often "rpm --rebuild some.src.rpm" MauricioF: yes, it's fine. |
| MauricioF | just i don't want risks |
| g_harris | so uhm if not centos then... what? |
| MauricioF | g_harris: i'm working with centos because asked a new client |
| g_harris | so what do you consider less risky? just curious centos is what I switched to because I got tired of the treadmill upgrades that were fedora core |
| MauricioF | g_harris: oh... good info... just i saw in secunia.com php vuls and... i thought may be httpd too... ok i didn't find anything about httpd yet...but.... |
| Evolution | MauricioF: the version numbers on centos and RHEL often lie, as fixes are backported. version numbers stay low, but the security issue is fixed. you'll find the CVE entries in the announcements, and usually the changelog. |
| donavan | Evolution, there is a URL in the /topic |
| MauricioF | Evolution: ok, understood |
| Evolution | donavan: http://www.rafb.net/paste ? |
| donavan | try the "understanding backporting" link |
| MauricioF | anybody updated php-4.3.9 to 4.4.7 ? because i saw this.... http://www.securityfocus.com/bid/23813 and i've php php-mysql php-pear |
| ivazquez | Did you check the package changelog to see if a fix has been applied? |
| MauricioF | ivazquez: oops... i didn't ...ok i understand now CentOS's philosophy... |
| ivazquez | Actually, it's RH's philosophy. CentOS just makes it available to the masses. |
| evil_steve | "if it ain't broke, backport it", right? |
| donavan | ivazquez, RH is available to the masses |
| ivazquez | For a price. |
| MauricioF | ivazquez: ok, just a CentOS newbie's mistake... |
| ivazquez | No worries, just clarifying. |
| MauricioF | ivazquez: tks a lot |