Redhat 7.x and 8.x sunset
miah
jjohnson at sunrise-linux.com
Sat Dec 27 13:56:43 EST 2003
Upgrading the kernel will not fix buffer overflows, integer overflows, heap overflows, format string errors, or other coding mistakes in userland code. Nor will it fix the same in the kernel itself, there is still possibility of undiscovered exploitable code in the kernel, and since there is constant development on the kernel there is still possibility of new exploitable code being added.
I'm *postitive* more security issues will be found in software included in RH 7.0 - 9.0 well after their EOLs. Thats why there is panic. There are many companies out there running production RH 8.0 boxes that cannot easily switch over to a new distribution, which is why companies are now coming out saying they'll do paid support for those systems after their EOL.
Also, compiling your own software on a system that uses a package management system is usually a great way to give yourself a headache. Removing the apache rpm, or compiling a new apache and installing it over the new one will cause dependancy issues when you try to install a mod_php rpm. Once you switch to compiled software you really need to stick with it and remember what you compile where and what options you used for configure and the like. As well its a huge undertaking when you're maintaining 50 production systems, compared to apt-get dist-upgrade (apt for rpm is awesome).
If you read the fedora docs, it looks like they're trying to push for releases every 6 months. And since its community driven project, if somethings broke, go ahead and fix it.
-miah
On Sat, Dec 27, 2003 at 12:26:26PM -0500, Robert La Ferla wrote:
> discuss-request at blu.org wrote:
> And those security updates wouldn't be fixed by the updated kernel *and*
> other software? I'm just pointing out that there's a lot of panic but I
> don't see the urgency to switch right away. Maybe if you upgrade via
> RPMs only or have a large cluster of systems, it takes on a greater
> urgency but I was referring to updates from compiling/installing latest
> source code for a few systems. But then again, I use Linux for servers
> and not for desktops so perhaps maintaining such systems with source
> code is not feasible.
>
> Anyways, I don't see a clear choice for a distro. Jerry is recommending
> SuSE but you said that you had major problems with it even with a fresh
> 9.0 install. Have things gotten any better since you last wrote about
> it? It was also mentioned that Fedora Core isn't quite ready but I'd
> like to know more details. If Fedora will be "ready" in 6-9 months,
> perhaps hanging on to RedHat 9 w/manual source code updates is an option.
>
>
> _______________________________________________
> Discuss mailing list
> Discuss at blu.org
> http://www.blu.org/mailman/listinfo/discuss
More information about the Discuss
mailing list