At Thu, 8 Jul 2010 00:10:22 +0100 CentOS mailing list centos@centos.org wrote:
I'm relatively new to CentOS. I ordered a VPS and requested CentOS 5.5. As I was installing packages, I noticed that some of the versions are pretty old
- for example, Postfix is v 2.3 in the repo (and, according to Postfix's
website - no longer mainted). Is this a security risk as the current version is 2.7.1?
Building and compiling Postfix from source seems to cause additional problems with yum, so I'm not sure what to do other than perhaps switch to something like Fedora. Perhaps there's a third-party repo with updated packages that I haven't found?
CentOS is based on RHEL (RedHat Enterprise Linux). When a base version of RHEL is released (eg RHEL 5.0 [CentOS 5.0]) the versions of all of the software is 'frozen'. RedHat, however backports security and bug fixes (which CentOS passes along). So although the *appearent* version of Postfix is 2.3 in the repo, it will have the esentual security and bug fixes of the current version (2.7.1). [It may not have any feature enhancements of the current version though.]
Fedora is the *beta testbed* that feeds into RHEL. Fedora is generally NOT recomended for production servers, since it is not generally stable enough. Also, its support lifetime is short (like about a year or less). This means you need to to fresh installs for each new version of Fedora and all sorts of things will likely break (means your production server will be down for days or even weeks every year -- not really good for business!). RHEL / CentOS has a support lifetime of 7 years (from the X.0 release).
There are third-party repos (epel, rpmforge, elrepo) with some updated packages, but you need to be carefull -- it is possible to cause dependency conflicts that could break things. There is also the CentOSPlus repo that has selected updated packages as well.
Thanks,
Matt
MIME-Version: 1.0
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos