> Hello, > > My company use a self made linux distribution mainly based on a Red Hat > 7.2. > Support is done by a small team. The support offered by the team is > new hardware support, specific software queries but no security updates. ... > > The first thing I want to do is to find out all the known vulnerabilities > in the > Red Hat 7.2. Since 05/2004, no updates has been avalaible for this > distribution. > > Since you have good experience for supporting non-supported distribution. > Can you > give me some clues about how I should proceed ? It's a pain in the butt getting updates for 7.2. Many packages, especially web related packages, use newer versions of the Berkley DB and it's very hard to find that for the older RH versions. I've got several computers that I did an in-place upgrade to 7.3 that worked perfectly. I've found it slightly easier to get updates for 7.3, but it's getting more difficult with each passing month. You're at the moment of truth and I'd strongly urge you to go to a supported distro. I can definitely relate to the problems of updating versions because it takes months for us to retest our software on a new OS. (We started in December and we're just about done) Since I've been there, here's my 2 cents worth: Supported server-class distros I know of: (i.e. have a financially stable, commercial backing for support) RedHat Enterprise (3 - 4 years support) Suse Enterprise (3 - 4 years support) Ubuntu (18 months support) Of those, the only that is freely available is Ubuntu. Choosing an RHEL clone is, IMHO, a joke, because you *think* you're getting support because you're using a freely available variant of a supported distribution, but the fact is, the user communities behind the RHEL clones are rather small. CentOS seems the largest and most active. White Box has a lot of name recognition, but to me it appears that it's one man and when he goes on vacation everything stops. I don't know much about the Tao RHEL clone. We like Ubuntu/Debian. Of all the free-bies out there, they seem the most stable, which is what I need. The migration from 7.3 to Ubuntu/Debian is non-trivial. However, Ubuntu has a large software repository called "Universe" that contains many of the software packages we standardized on, so things have worked very well. Sorry for dragging on so much in this message. I could say a lot more, so if you'd like more details, e-mail me. -- Matthew Nuzum <matt@xxxxxxxxxxxxx> www.followers.net - Makers of "Elite Content Management System" View samples of Elite CMS in action by visiting http://www.followers.net/portfolio/ -- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list
