Hi,
I've read some posts in the forums which seems to indicate that not every CentOS version is well supported. Is it possible to install CentOS 5.5 on a server and only apply security updates for 7 years? Or is the preferred way to upgrade to each minor version? Thanks in advance!
Relevant forum quotes:
Probably not relevant to the problem; however, the current release is 5.4 - 5.3 is getting seriously obsolete with respect to security problems and bugs. http://centos.caosity.org/modules/newbb/viewtopic.php?viewmode=flat&orde...
If you really mean 5.0, it is seriously obsolete and has numerous known bugs and security issues that have been fixed in subsequent updates. Obsolete releases are not supported, nor is it advisable to be installing or running them. See the CentOS 5.5 Release Notes for details. https://www.centos.org/modules/newbb/viewtopic.php?topic_id=26339&forum=...
On Sat, May 22, 2010 at 08:09:22PM +0200, Aniruddha wrote:
Hi,
I've read some posts in the forums which seems to indicate that not every CentOS version is well supported. Is it possible to install CentOS 5.5 on a server and only apply security updates for 7 years? Or is the preferred way to upgrade to each minor version? Thanks in advance!
Relevant forum quotes:
Probably not relevant to the problem; however, the current release is 5.4 - 5.3 is getting seriously obsolete with respect to security problems and bugs. http://centos.caosity.org/modules/newbb/viewtopic.php?viewmode=flat&orde...
If you really mean 5.0, it is seriously obsolete and has numerous known bugs and security issues that have been fixed in subsequent updates. Obsolete releases are not supported, nor is it advisable to be installing or running them. See the CentOS 5.5 Release Notes for details. https://www.centos.org/modules/newbb/viewtopic.php?topic_id=26339&forum=...
See:
http://www.redhat.com/security/updates/errata/
RHEL 5.x is supported through March 31, 2014 (thus CentOS will be the same).
Ray
On Sat, May 22, 2010 at 11:09 AM, Aniruddha mailingdotlist@gmail.com wrote:
Hi,
I've read some posts in the forums which seems to indicate that not every CentOS version is well supported. Is it possible to install CentOS 5.5 on a server and only apply security updates for 7 years? Or is the preferred way to upgrade to each minor version? Thanks in advance!
I'm afraid there is some misunderstanding of 5 versus 5.x.
CentOS-5 is supported until 2014. CentOS, as of this writing, is at *point* release 5.5. If you are running "5.0" (or 5.1 or 5.2 or ...) today, you are way behind because there have been a number of security patches and bug fixes since 5.0. In other words, "CentOS 5" has a seven year support but 5.0 (or 5.1 or 5.2 or ...) is "obsolete". So, if you install CentOS 5.5 now, you will have 4 more years of support.
Hope this clears a bit.
Akemi
On May 22, 2010, at 1:09 PM, Aniruddha wrote:
Hi,
I've read some posts in the forums which seems to indicate that not every CentOS version is well supported. Is it possible to install CentOS 5.5 on a server and only apply security updates for 7 years? Or is the preferred way to upgrade to each minor version? Thanks in advance!
Relevant forum quotes:
Probably not relevant to the problem; however, the current release is 5.4 - 5.3 is getting seriously obsolete with respect to security problems and bugs. http://centos.caosity.org/modules/newbb/viewtopic.php?viewmode=flat&orde...
If you really mean 5.0, it is seriously obsolete and has numerous known bugs and security issues that have been fixed in subsequent updates. Obsolete releases are not supported, nor is it advisable to be installing or running them. See the CentOS 5.5 Release Notes for details. https://www.centos.org/modules/newbb/viewtopic.php?topic_id=26339&forum=...
The basic CentOS 5 is supported for a total of 7 years from initial release. Since 5 first came out in April 2007, the support will last until April 2014.
5.2, 5.3, etc, are essentially wrap up releases of the basic CentOS 5, with all known fixes applied as of that time, along with new functionality provided by the upstream vendor. So you can start with 5.5 and not have to download large amounts of fixes that starting with an older release would entail.
Each increment doesn't start a 7 year support cycle, just the major CentOS 4, 5, etc.
Thanks for the quick replies. I understand now that CentOS 5 and all 5.? versions are supported until 2014. How does this work with security updates? Does each point release gets itś own security updates? In other words is it possible to install CentOS 5.5 on a server and only apply security updates for 7 years? Or is it required to upgrade to each point release in order to continue receiving security updates?
Aniruddha wrote:
Thanks for the quick replies. I understand now that CentOS 5 and all 5.? versions are supported until 2014. How does this work with security updates? Does each point release gets itś own security updates? In other words is it possible to install CentOS 5.5 on a server and only apply security updates for 7 years? Or is it required to upgrade to each point release in order to continue receiving security updates?
there is no distinction between bug fixes and security updates (Indeed, many bugs lead to potential security exploits). centos 5.5 is just a snapshot of centos 5 at a particular point in time. updates will take that to 5.6 or 5.7 or whatever state is released, but its all still CentOS 5
At Sat, 22 May 2010 21:03:49 +0200 CentOS mailing list centos@centos.org wrote:
Thanks for the quick replies. I understand now that CentOS 5 and all 5.? versions are supported until 2014. How does this work with security updates? Does each point release gets itś own security updates? In other words is it possible to install CentOS 5.5 on a server and only apply security updates for 7 years? Or is it required to upgrade to each point release in order to continue receiving security updates?
The 'point releases' ARE the security updates (or actually the consolidation of security (and other) updates). If you install 5.5 and do 'yum update' on regular basis, at some point (like in about 6-8 months maybe), you will find you are running 5.6 (this will happen automagically), and in like 6-8 months or so after that you will be running 5.7, and so on. Except for some rare cases, things will be 'binary compatible' and the *base* version of all CentOS supplied software (actually upstream vendor supplied) will be the same, but will have security and essential bug fixes back-ported. This will continue until sometime in 2014. The point releases are not really a new version, just update 'milestones' of a sort. Don't confuse CentOS 5.5 and CentOS 5 -- CentOS 5.5 is just CentOS 5 as of mid-May 2010 -- it is not distinct in any other way. Installing CentOS 5.5 is no different than installing using a CentOS 5.4 DVD and then doing a 'yum update' after completing the install.
Note: there will be various between point release updates from time-to-time -- these will be placed in the 'updates' repo. The point release updates are a consolidation of these (and other less critical) updates and also mark points when new install media is created, and past updates are migrated to the 'base' repo and the 'updates' repo is zeroed out (although usually by the time a point release hits the bricks and few updates since its 'freeze' will have come along -- the 'updates' repo is only really figuratively zeroed out).
Note: this is *very* different from how Ubuntu (for example) is numbered. Base Ubuntu 'version' numbers are just the year.month of the release: Ubuntu 10.4 is just the base release of April of 2010, it is NOT the 4th point release of the 10th major incarnation of Ubuntu. Don't confuse this 'version numbering' with how CentOS's versions are numbered.
Fedora Core has no point releases. Each version is a completely fresh release. And they come out much more frequently than RHEL/CentOS.
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On Sat, May 22, 2010 at 4:36 PM, Robert Heller heller@deepsoft.com wrote:
Note: this is *very* different from how Ubuntu (for example) is numbered. Base Ubuntu 'version' numbers are just the year.month of the release: Ubuntu 10.4 is just the base release of April of 2010, it is NOT the 4th point release of the 10th major incarnation of Ubuntu. Don't confuse this 'version numbering' with how CentOS's versions are numbered.
Correction:
Ubuntu LTS versions do have point releases, probably swiped from RHEL/CentoOS.
8.04 was published at the end of April 2008 and has been updated to 8.04.1, 8.04.2, 8.04.3, 8.04.4 every subsequent July and January.
At Sat, 22 May 2010 16:49:49 -0400 CentOS mailing list centos@centos.org wrote:
On Sat, May 22, 2010 at 4:36 PM, Robert Heller heller@deepsoft.com wrote:
Note: this is *very* different from how Ubuntu (for example) is numbered. Base Ubuntu 'version' numbers are just the year.month of the release: Ubuntu 10.4 is just the base release of April of 2010, it is NOT the 4th point release of the 10th major incarnation of Ubuntu. Don't confuse this 'version numbering' with how CentOS's versions are numbered.
Correction:
Ubuntu LTS versions do have point releases, probably swiped from RHEL/CentoOS.
8.04 was published at the end of April 2008 and has been updated to 8.04.1, 8.04.2, 8.04.3, 8.04.4 every subsequent July and January.
Yes, but the *base version* '8.04' is NOT a point release. I stated "Base Ubuntu 'version' numbers". I know about Ubuntu LTS versions.
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On Sat, May 22, 2010 at 5:24 PM, Robert Heller heller@deepsoft.com wrote:
At Sat, 22 May 2010 16:49:49 -0400 CentOS mailing list centos@centos.org wrote:
On Sat, May 22, 2010 at 4:36 PM, Robert Heller heller@deepsoft.com wrote:
Note: this is *very* different from how Ubuntu (for example) is numbered. Base Ubuntu 'version' numbers are just the year.month of the release: Ubuntu 10.4 is just the base release of April of 2010, it is NOT the 4th point release of the 10th major incarnation of Ubuntu. Don't confuse this 'version numbering' with how CentOS's versions are numbered.
Correction:
Ubuntu LTS versions do have point releases, probably swiped from RHEL/CentoOS.
8.04 was published at the end of April 2008 and has been updated to 8.04.1, 8.04.2, 8.04.3, 8.04.4 every subsequent July and January.
Yes, but the *base version* '8.04' is NOT a point release. I stated "Base Ubuntu 'version' numbers". I know about Ubuntu LTS versions.
No comment...
Aniruddha wrote:
Thanks for the quick replies. I understand now that CentOS 5 and all 5.? versions are supported until 2014. How does this work with security updates? Does each point release gets itś own security updates? In other words is it possible to install CentOS 5.5 on a server and only apply security updates for 7 years? Or is it required to upgrade to each point release in order to continue receiving security updates?
Generally speaking, security updates are ongoing and point releases are the accumulation of the security updates plus bugfixes at different points in time with the less critical bugfixes all released at once. But, the reason it is an 'enterprise' release is that updates within a major release are not supposed to change behavior or compatibility in ways that will break programs you are running. There have been some rare exceptions but unless you know something the team preparing the updates doesn't, you are probably better off just staying up to date.
On 05/22/2010 11:09 AM, Aniruddha wrote:
I've read some posts in the forums which seems to indicate that not every CentOS version is well supported. Is it possible to install CentOS 5.5 on a server and only apply security updates for 7 years?
No. As best I understand Red Hat's model, EL 5 will have 7 years of support from the time of its initial release. CentOS will rebuild their packages to provide the same. In neither case can you install the current version today and expect 7 years of support. With Red Hat's EL you have the option to install a given point release and apply only security fixes, staying at point release until the EOL for the remainder of the major release's support lifetime. CentOS does not provide that option easily. You could watch the errata feed and manually apply only the security related patches, but if you use "yum update" without further options, you'll be updated to whatever point release is current.
Or is the preferred way to upgrade to each minor version?
The preference is yours. Keeping your system current is the easiest management strategy.
On May 22, 2010, at 2:23 PM, Gordon Messmer wrote:
On 05/22/2010 11:09 AM, Aniruddha wrote:
I've read some posts in the forums which seems to indicate that not every CentOS version is well supported. Is it possible to install CentOS 5.5 on a server and only apply security updates for 7 years?
No. As best I understand Red Hat's model, EL 5 will have 7 years of support from the time of its initial release. CentOS will rebuild their packages to provide the same. In neither case can you install the current version today and expect 7 years of support. With Red Hat's EL you have the option to install a given point release and apply only security fixes, staying at point release until the EOL for the remainder of the major release's support lifetime. CentOS does not provide that option easily. You could watch the errata feed and manually apply only the security related patches, but if you use "yum update" without further options, you'll be updated to whatever point release is current.
Or is the preferred way to upgrade to each minor version?
The preference is yours. Keeping your system current is the easiest management strategy
I've seen extended release support from the upstream vendor for some specific kernels. I haven't looked closely into this, to see why. My suspicion is that they are maintaining some kernels from just before more major updates (like the addition of KVM) that may have negatively impacted certain larger customers. Unfortunately, in my case, when these have been released they didn't resolve some security issue in them that we were interested in. So we had to go with the latest kernel anyway.
Coming from Gentoo -> Debian I am to trying to understand the way CentOS works. In Debian very little happens in stable releases and you use apt-get update to apply security updates and apt-get dist-upgrade for a major upgrade.
In CentOS there is an yum-security plugin which allows you to install security updates only. If I understand correctly the preferred way though is to do at least an yum upgrade every 6 months in order to upgrade to a point release.
On 5/22/2010 3:39 PM, Aniruddha wrote:
Coming from Gentoo -> Debian I am to trying to understand the way CentOS works. In Debian very little happens in stable releases and you use apt-get update to apply security updates and apt-get dist-upgrade for a major upgrade.
In CentOS there is an yum-security plugin which allows you to install security updates only. If I understand correctly the preferred way though is to do at least an yum upgrade every 6 months in order to upgrade to a point release. _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
my mahcines run yum update every night. Security updates are NOT only at the point releases but whenever the upstream releases them.
On Sat, May 22, 2010 at 9:52 PM, William Warren hescominsoon@emmanuelcomputerconsulting.com wrote:
On 5/22/2010 3:39 PM, Aniruddha wrote:
Coming from Gentoo -> Debian I am to trying to understand the way CentOS works. In Debian very little happens in stable releases and you use apt-get update to apply security updates and apt-get dist-upgrade for a major upgrade.
In CentOS there is an yum-security plugin which allows you to install security updates only. If I understand correctly the preferred way though is to do at least an yum upgrade every 6 months in order to upgrade to a point release. _______________________________________________
I can imagine this works fine with vanilla CentOS, however is this still possible when you enable third party repositories such as epel?
On Sat, May 22, 2010 at 4:02 PM, Aniruddha mailingdotlist@gmail.com wrote:
I can imagine this works fine with vanilla CentOS, however is this still possible when you enable third party repositories such as epel?
It varies on the repository, but for the most part the existing repositories try to keep their packages up to date. There are no guarantees though.
At Sat, 22 May 2010 22:02:34 +0200 CentOS mailing list centos@centos.org wrote:
On Sat, May 22, 2010 at 9:52 PM, William Warren hescominsoon@emmanuelcomputerconsulting.com wrote:
On 5/22/2010 3:39 PM, Aniruddha wrote:
Coming from Gentoo -> Debian I am to trying to understand the way CentOS works. In Debian very little happens in stable releases and you use apt-get update to apply security updates and apt-get dist-upgrade for a major upgrade.
In CentOS there is an yum-security plugin which allows you to install security updates only. If I understand correctly the preferred way though is to do at least an yum upgrade every 6 months in order to upgrade to a point release. _______________________________________________
I can imagine this works fine with vanilla CentOS, however is this still possible when you enable third party repositories such as epel?
Yes. You do have to be careful and properly setup priorities, etc. and be carefull about what you install from the third party repositories and which ones you have enabled when you do a generic 'yum update'. Generally you only enable third party repositories when you do an 'yum install <some specific package from the third party repository>' and have them all disabled when you do a 'yum update':
yum --enablerepo=epel install wine yum --disablerepo=epel update yum --enablerepo=rpmforge install mplayer
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Another issue with trying to apply just security updates for older point updates is that newer updates may be built differently. On 5.3, a package may not require another package be installed. But at some point later on, say, 5.5, it may gain a dependency. So if you try to install it, it may fail. if you are maintaining a system that is not directly connected to the internet, that can be an issue. I suppose that if it is, then you can end up having to upgrade more packages than you originally expected.
At Sat, 22 May 2010 21:39:46 +0200 CentOS mailing list centos@centos.org wrote:
Coming from Gentoo -> Debian I am to trying to understand the way CentOS works. In Debian very little happens in stable releases and you use apt-get update to apply security updates and apt-get dist-upgrade for a major upgrade.
I am not sure if Gentoo or Debian even have 'point releases', at least in the sense that RedHat has done things since way back when.
In CentOS there is an yum-security plugin which allows you to install security updates only. If I understand correctly the preferred way though is to do at least an yum upgrade every 6 months in order to upgrade to a point release.
No, you you really should run yum update more frequently. Every 6 months (or so), 'yum update' will automagically upgrade to a point release. I am not really sure it really makes any sense to stay at a given point release, esp. sice point releases are not some sort of major new version or anything -- they are more a consolidation of many small updates bundled together has a kind of 'update milestone' and are more a matter of being a conveinent place (in 'time') to burn a new batch of iso images.
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Op 22-05-10 22:36, Robert Heller schreef:
I am not sure if Gentoo or Debian even have 'point releases', at least in the sense that RedHat has done things since way back when.
Debian has. Currently they're at 5.0.4.
Gentoo is a different matter altogether, their release system is to volatile even a Gentoo *release* won't stay the same for long. Plus, their approach to security updates is to install (compile) the latest stable "downstream" version together with possibly updated or changed dependencies, making it a distribution much less suitable for enterprise/server use.
On 05/22/2010 08:39 PM, Aniruddha wrote:
In CentOS there is an yum-security plugin which allows you to install security updates only. If I understand correctly the preferred way though is to do at least an yum upgrade every 6 months in order to upgrade to a point release.
yum-security requires the remote repositories to support it - the CentOS hosted ones do NOT. The plugin is left in the distro so other people who run private repo's might be able to do something for themselves. There is some work being done to get the centos repo's supporting yum-security, but were not there yet.
But if you have tried the plugni, you already know this.
- KB
On Sun, May 23, 2010 at 12:32 PM, Karanbir Singh mail-lists@karan.org wrote:
On 05/22/2010 08:39 PM, Aniruddha wrote:
In CentOS there is an yum-security plugin which allows you to install security updates only. If I understand correctly the preferred way though is to do at least an yum upgrade every 6 months in order to upgrade to a point release.
yum-security requires the remote repositories to support it - the CentOS hosted ones do NOT. The plugin is left in the distro so other people who run private repo's might be able to do something for themselves. There is some work being done to get the centos repo's supporting yum-security, but were not there yet.
But if you have tried the plugni, you already know this.
- KB
Al least it explains the lack of security updates found with the yum-security plugin.:)
-
Akemi Yagi -
Aniruddha -
Frank Van Damme -
Gordon Messmer -
John R Pierce -
Jorge Fábregas -
Karanbir Singh -
Kevin Krieser -
Kwan Lowe -
Les Mikesell -
Ray Van Dolson -
Robert Heller -
Tom H -
William Warren