On Wed, 2004-12-15 at 22:49 -0500, Michael Jennings wrote:
> On Wednesday, 15 December 2004, at 18:44:57 (-0600), Johnny Hughes wrote:
> > RedHat's official versions are (in my opinion) the best from a security perspective.
> Depends on your needs. Those (like me) on the postfix announce list can whip up a new postfix package with mezzanine faster than RH can post updates (assuming everyone is notified at once).
> Michael
Absolutely Michael ... you can provide quality and fast updates. No doubt about it.
Simon Mudd's SRPMS for postfix are also very good. I compile them for people all the time.
I wasn't suggesting that either of those sources for packages is not good, or that there would be anything wrong with that approach.
But, especially for the major server functionality, I think that using the official RHEL versions is the smartest thing to do whenever possible ... specifically because of the backporting policy in my other e-mail (they will roll back security issues without breaking current installs).
In my view (again, this is just my opinion), the whole purpose for CentOS is to give you the stability of RHEL ... and changing server packages to newer versions defeats that purpose.
Don't get me wrong, I'm going to build a mysql 4.1.x server package so that I can use the new Administrator and Query tools by mysql ... so I understand why some packages might need to be upgraded.
But, worrying about security issues from RedHat based on version number is not necessary because of backporting. RedHat is very proactive about getting out security fixes.
- Johnny Hughes