On Thu, Oct 09, 2003 at 06:56:30PM +0200, Michael Schwendt wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On Thu, 9 Oct 2003 09:13:04 -0700, David Demner wrote:
>>
>> > I have a question about up2date. I recently noticed that the most
>> > recent version of OpenSSL available on their website was version
>> > 0.9.7c (which purportedly contains important bugfixes) but the most
>> > recent version available on RHN was version 0.9.7a. Same thing with
>> > BIND (version 9.2.2 on their website and version 9.2.1 on RHN).
>>
>> http://www.redhat.com/advice/speaks_backport.html
>>
>> - --
>> Michael, who doesn't reply to top posts and complete quotes anymore.
>
>Also the Michael who can be terse to a fault.
>
>
>It is safe to apply Redhat updates, it is a good idea to apply Redhat
>updates. Redhat is very conservative about not breaking things, their
>updates are only bug fixes, and mostly only really important bugs get
>updates.
>
>So what does that have to do with anything? Well, the only way Redhat
>updates can be so safe is that they don't add features, because
>features can and do break things.
>
>So what Redhat does is "backport" fixes from the current version to
>the current Redhat version, just fixing the bug and not changing
>anything else.

Thank you both for the link and the summary.

So I guess we have to trust the system works, and product version numbers aren't sufficient? How much of a lag is there between the time the patch is posted on the company site and the time that RedHat backports the code? The speed that worms propagate nowadays is scary and even a couple of days lag might be a big problem.

Does apt use the same backport technique? Or are you always getting the latest/greatest/potentially incompatible version of the software by using this instead? If so, using apt on a production system would probably be a bad idea?

Thanks again,
David
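
An added example, not part of the original messages: since a backported fix leaves the upstream version number unchanged, one way to confirm a fix is present is to search the package changelog for the advisory identifier. The changelog text, packager name, release numbers and the identifier `CVE-XXXX-0001` below are constructed placeholders; only the 0.9.7a and 0.9.7c version strings come from the thread.

```shell
# Constructed sample in the layout printed by `rpm -q --changelog <package>`.
# Packager, dates, release numbers and the advisory id are placeholders.
sample_changelog() {
cat <<'EOF'
* Tue Sep 30 2003 Example Packager <packager@example.com> 0.9.7a-20
- backport fix for CVE-XXXX-0001 from upstream 0.9.7c

* Mon Jun 02 2003 Example Packager <packager@example.com> 0.9.7a-10
- rebuild
EOF
}

# backported_in ID
# Reads a changelog on stdin and prints the header (date, packager,
# version-release) of the newest entry that mentions ID.
# Exit status: 0 if an entry mentions ID, 1 otherwise.
backported_in() {
    awk -v id="$1" '
        /^\* /                { header = $0; next }      # entry header line
        index($0, id) && !hit { print header; hit = 1 }  # first (newest) match
        END                   { exit !hit }
    '
}

# On an installed system the input would come from the package database:
#   rpm -q --changelog openssl | backported_in CVE-XXXX-0001
sample_changelog | backported_in CVE-XXXX-0001 || echo "fix not listed"
```

In the sample, the matching entry still carries version 0.9.7a; only the release suffix after the hyphen changed, which is why comparing against the upstream version number alone says nothing about whether the fix is installed.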