On 11/12/2010 3:44 PM, Philip Amadeo Saeli wrote:
- Robert Hellerheller@deepsoft.com [2010-11-07 07:13:27 -0500]:
At Sun, 7 Nov 2010 00:17:31 -0500 CentOS mailing listcentos@centos.org wrote:
I'm maintaining an internet-facing web server which is now running httpd 2.0.63 (httpd-2.0.63-2.el4s1.centos.2) which is now neary 2.5 years old(!?!). I need to move to either 2.0.64 or 2.2.12 or later. However, I've been unable to find available RPMs for such releases for CentOS 4.x.
I have to believe that others have these needs also. In light of this, how do others keep up with security upgrades for the httpd? I'm rather new to this aspect of things, so am still in the process of sorting things out in this regard.
Red Hat backports security updates (from newer versions). So long as you have been applying the standard O/S updates (eg 'yum update') regularly, your http is up-to-date WRT security updates.
This is true for vendor-supported version. However, for technical reasons (i.e., need for additional features or capabilities), we are running versions more recent than the vendor-supported ones. Up until recently, I have been able to obtain the needed versions (of, e.g., httpd, mysql, and php) from available third-party CentOS repos. However, this is no longer the case.
My question in this regard is to find out how this problem is generally handled by others. I know anyone who has internet-facing, secure servers has to deal with these same issues. Up until now, I've been able to trust that the community response would result in the needed RPMs showing up in public repos. That model seems to now be broken (if indeed it was ever truly viable).
In particular, I need the following package versions (for CentOS 4.x), none of which I've been able to locate in any publicly available repo:
- httpd-2.0.64 # released: 2010-10-19
- php-5.2.14 # released: 2010-07-22
I have been able to locate packages for php-5.3.3 and am in the process of testing them. However, things would be *much* simpler in the short term if we could move first to php-5.2.14.
Our longer-range plan is to upgrade the server to CentOS 5, which will help quite a bit in this regard. However, in the mean time I'm stuck with CentOS 4 on this server due to severe time, resource, and budget constraints.
Of note, RHEL 6 was released this week, so CentOS 6 will likely be out maybe around the end of the year. Also, the next version release for RHEL 5 has an option to move to PHP 5.3. It's coming soon. Your time restraints might allow you jump two major releases! ;)
As for the PHP upgrades. I don't know if you use SquirrelMail or not, but on a v5.x test machine, my upgrade to PHP 5.2 broke SquirrelMail. I didn't bother fixing it. I have recently upgraded that system to PHP 5.3 from EPEL repository and SquirrelMail works again. That's the only thing I found that was broken... Just beware as it was a surprise to me.
John Hinton