[CentOS] Backporting and Apache 2.0.52 is 4 1/2 years old

Lanny Marcus lmmailinglists at gmail.com
Mon Mar 23 02:50:44 UTC 2009


On 3/22/09, Rob Townley <rob.townley at gmail.com> wrote:
> http://httpd.apache.org/security/vulnerabilities_20.html
> states that Apache 2.0.52 is 4 years old and the latest version is 2.0.68.
> I am no longer a httpd expert, but at least one of the security fixes
> involves XSS attacks via malformed ftp commands. I also realize that
> Red Hat / CentOS may patch things separately from Apache and that the
> sysadmin has a great deal to do with how secure things are, but
> almost 5 years?

This is an Enterprise Distro and very rarely has the latest and
greatest. It is supported for a long time and security updates are
backported. The life is 7 years. Much longer than the life of a Distro
with the latest and greatest.

> Does the sysadmin for www.centos.org get paid?

The CentOS team work for free on this project and they do an
outstanding job. They also have full-time jobs, so they are very
busy.

If you want the latest and greatest, you can install it yourself, but
if it breaks, it's your problem. Decide which you want: (a) Long life,
stability and security or (b) latest and greatest stuff.

