On Fri, Aug 21, 2009 at 05:34:27PM -0400, Jim Perrin wrote:
On Fri, Aug 21, 2009 at 5:17 PM, Ray Van Dolson <rayvd@bludgeon.org> wrote:
- Keep phpMyAdmin up to date. Best way to do this is to use a package from a well known repository like EPEL that keeps the package at the latest version for you.
I've not beaten EPEL up too much on things like this, but here is one instance where it counts. EPEL relies on its packagers to keep things current, and in a startling number of cases, they do not. Case in point is the wiki software, moin. Moin is at something like 1.8.x or 1.9.x now, and has several posted security issues, which have been fixed in the most recent versions. EPEL however is still shipping 1.5.9 -> http://download.fedora.redhat.com/pub/epel/5/i386/repoview/moin.html
Just because it's from a well known 3rd party repository doesn't mean it's fully patched. While your advice to use known repositories is good, please don't let it fool you into a false sense of security.
The upgrade from Moin 1.5.x to newer versions is not something that can be automated (as I understand it). Thus the decision was to leave Moin as is and likely provide a newer moin18 or moin19 package (whatever the latest is) in the interim and at some point obsolete the older version. (Hopefully I didn't get that wrong)
Moin is a special case. For the most part EPEL maintainers do a good job of keeping things as up to date as they can.
Of course, as Jim pointed out, with any repository maintained by volunteers (this includes rpmforge, CentOS-extras, etc), you're at the whim of the packager. Tread with adequate caution! This is why Sysadmins should have some skills of their own to identify packages that might require a little extra TLC or to keep an eye on the appropriate security mailing lists.
We all have a number of tools in our toolchests. :)
For the most part, however, I'm going to prefer a package from an active repository like EPEL or rpmforge over handbuilding something like phpMyAdmin every time there's a new release.
To each their own though...
Ray
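Added example, not part of the list thread: a small POSIX sh helper in the spirit of the point above about sysadmins spotting packages that need extra attention. It compares an installed RPM's upstream version against the release that fixed a published issue and flags the package if it is behind; the "fixed in 1.8.4" value is a placeholder, not a real moin advisory version, and the rpm query is assumed to be available when no version is passed in.

```shell
#!/bin/sh
# Added example (not from the thread): flag an installed RPM whose upstream
# version is older than the release that fixed a published issue.
# Assumes dotted numeric versions (e.g. 1.5.9); RPM epoch and release tags
# are not considered.

# version_lt A B : exit 0 if A is strictly older than B, 1 otherwise.
# Components are compared numerically, so 1.10 sorts after 1.9.
version_lt() {
    a="$1" b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        # Split off the leading numeric component of each version string.
        ax=${a%%.*}; [ "$ax" = "$a" ] && a="" || a=${a#*.}
        bx=${b%%.*}; [ "$bx" = "$b" ] && b="" || b=${b#*.}
        ax=${ax:-0}; bx=${bx:-0}
        [ "$ax" -lt "$bx" ] && return 0
        [ "$ax" -gt "$bx" ] && return 1
    done
    return 1
}

# audit_pkg NAME FIXED_VERSION [INSTALLED_VERSION]
# Prints "NAME: installed X, fixed in Y -> BEHIND|OK" and returns 1 when
# the package is behind, 0 when it is current, 2 when it is not installed.
# The optional third argument allows an offline check; otherwise the
# installed version is read with rpm -q (assumed present on the host).
audit_pkg() {
    name="$1" fixed="$2" inst="$3"
    if [ -z "$inst" ]; then
        inst=$(rpm -q --qf '%{VERSION}' "$name" 2>/dev/null) || {
            echo "$name: not installed"; return 2; }
    fi
    if version_lt "$inst" "$fixed"; then
        echo "$name: installed $inst, fixed in $fixed -> BEHIND"
        return 1
    fi
    echo "$name: installed $inst, fixed in $fixed -> OK"
    return 0
}

# Constructed sample: the moin 1.5.9 package mentioned in the thread versus
# a placeholder fixed release (1.8.4 is not a real advisory version).
audit_pkg moin 1.8.4 1.5.9 || echo "exit status $? (1 = behind)"
```

Run with a real package name and no third argument to check the host's own rpm database.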