Johnny Hughes wrote:
Scott Silva wrote:
on 12/4/2007 10:27 AM Bit spake the following:
Hello,
I have two questions which are really CentOS repository related, but
they primarily revolve around the Samba packages available.
1) Why is the s390 architecture version of Samba for CentOS 4 so much
more up to date than the i386 architecture version? If you open these
two links in a browser window...
http://isoredirect.centos.org/centos/4/updates/i386/RPMS/
http://isoredirect.centos.org/centos/4/updates/s390/RPMS/
and compare the available rpms, the s390 version of samba is 3.0.25b,
while the i386 version of samba is only 3.0.10.
2) On a related note, why does it appear that a recent security
update was not applied to the CentOS 4 i386 architecture version of
samba?
If you look at the top two patches listed on the Samba homepage here:
http://us3.samba.org/samba/history/security.html
You will see that they should apply to all versions of samba from
3.0.0 to 3.0.26a.
So that would include the i386 CentOS 4 version of samba because it's
3.0.10.
I am on the CentOS Announcements mailing list, and I still have not
seen an announcement that this has been fixed in the i386 CentOS 4
version of samba. I have seen announcements for CentOS 3 i386, CentOS
3 x86_64, and even CentOS 4 s390. But not for CentOS 4 i386. What
gives?
Thanks,
- Bit
I think this is part of 4.6, coming to mirrors near you maybe this week.
Correct ...
CentOS-4.6 will be released soon, then they will be in sync again.
There are different maintainers for different arches and different
approaches.
But I am the i386/x86_64 maintainer ... and 4.6 will be released as a
whole and not in pieces. That is because in the past, certain security
upgrades caused bugs when built against a newer package set but released
on the older tree. We can not afford for things not to work together so
will these two arches (which make up 90% of CentOS users) as upstream
did ... with all of the bugfixes, security updates, enhancements
together. That is just how they are built and the only way everything
is known to coexist.
We just released 5.1 and we have to give our mirror infrastructure time
to peak and go back down before we can release 4.6, since we do not have
unlimited mirror resources like the upstream guys.
Thanks,
Johnny Hughes
Thank you for your response.
Since CentOS strives to be a free, binary-identical version of Red Hat,
how does this process work? I imagine it goes something like this...
Red Hat releases Red Hat Enterprise Linux AS 4.6 on some date. I can't
seem to find the date on redhat.com, but according to wikipedia, it was
15th of November, 2007.[1]
So then once Red Hat releases RHEL AS 4.6, the CentOS team basically
downloads the source code/whatever they need, strips out the graphics
and other copyrighted material, "CentOS-ifies" it, and then releases it
as CentOS 4.6.
Is that basically how this process works?
So then the answer to my Samba related questions is this: Red Hat
released the security updates that I mentioned as part of Update 6.
They didn't release anything for RHEL 4.5. So naturally, the CentOS
team doesn't want to "backport" these updates to CentOS 4.5, they're
doing the same thing Red Hat did, releasing the new samba package with
the security fixes I mentioned (almost certainly in addition to other
fixes) as part of the CentOS Update 6. And personally, I have to say
that makes a lot of sense since the point of CentOS is to be as
identical to RHEL as possible.
Thanks again for responding, Johnny. Would you please let me know if I
got that right and make any necessary corrections?
Thanks,
- Bit
[1]http://en.wikipedia.org/wiki/Red_hat_enterprise_linux#Version_history
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos