I'm relatively new to CentOS. I ordered a VPS and requested CentOS 5.5. As I was installing packages, I noticed that some of the versions are pretty old - for example, Postfix is v 2.3 in the repo (and, according to Postfix's website - no longer mainted). Is this a security risk as the current version is 2.7.1?
Building and compiling Postfix from source seems to cause additional problems with yum, so I'm not sure what to do other than perhaps switch to something like Fedora. Perhaps there's a third-party repo with updated packages that I haven't found?
Thanks,
Matt
On Wed, Jul 7, 2010 at 4:10 PM, Matthew Valentino astrochase@gmail.com wrote:
I'm relatively new to CentOS. I ordered a VPS and requested CentOS 5.5. As I was installing packages, I noticed that some of the versions are pretty old
- for example, Postfix is v 2.3 in the repo (and, according to Postfix's
website - no longer mainted). Is this a security risk as the current version is 2.7.1? Building and compiling Postfix from source seems to cause additional problems with yum, so I'm not sure what to do other than perhaps switch to something like Fedora. Perhaps there's a third-party repo with updated packages that I haven't found? Thanks, Matt
Welcome to CentOS. You may want to read the FAQ at:
This one will answer your questions:
http://wiki.centos.org/FAQ/General#head-472ce8446ebcfc82ca1800f775ba0e629ac8...
Please be sure to read the two links in there. :)
Akemi
On Jul 7, 2010, at 6:10 PM, Matthew Valentino wrote:
I'm relatively new to CentOS. I ordered a VPS and requested CentOS 5.5. As I was installing packages, I noticed that some of the versions are pretty old - for example, Postfix is v 2.3 in the repo (and, according to Postfix's website - no longer mainted). Is this a security risk as the current version is 2.7.1?
Building and compiling Postfix from source seems to cause additional problems with yum, so I'm not sure what to do other than perhaps switch to something like Fedora. Perhaps there's a third-party repo with updated packages that I haven't found?
Thanks,
During the support time of the OS, security updates will be made. If not by the package maintainer, then by the upstream Linux vendor.
Sometimes, it is by backporting fixes. Sometimes (Firefox for example), an upgrade to a more current version will be made.
Thank you for the super fast responses and for the push in the right direction!
On Thu, Jul 8, 2010 at 12:31 AM, Kevin Krieser k_krieser@sbcglobal.netwrote:
On Jul 7, 2010, at 6:10 PM, Matthew Valentino wrote:
I'm relatively new to CentOS. I ordered a VPS and requested CentOS 5.5.
As I was installing packages, I noticed that some of the versions are pretty old - for example, Postfix is v 2.3 in the repo (and, according to Postfix's website - no longer mainted). Is this a security risk as the current version is 2.7.1?
Building and compiling Postfix from source seems to cause additional
problems with yum, so I'm not sure what to do other than perhaps switch to something like Fedora. Perhaps there's a third-party repo with updated packages that I haven't found?
Thanks,
During the support time of the OS, security updates will be made. If not by the package maintainer, then by the upstream Linux vendor.
Sometimes, it is by backporting fixes. Sometimes (Firefox for example), an upgrade to a more current version will be made.
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
At Thu, 8 Jul 2010 00:10:22 +0100 CentOS mailing list centos@centos.org wrote:
I'm relatively new to CentOS. I ordered a VPS and requested CentOS 5.5. As I was installing packages, I noticed that some of the versions are pretty old
- for example, Postfix is v 2.3 in the repo (and, according to Postfix's
website - no longer mainted). Is this a security risk as the current version is 2.7.1?
Building and compiling Postfix from source seems to cause additional problems with yum, so I'm not sure what to do other than perhaps switch to something like Fedora. Perhaps there's a third-party repo with updated packages that I haven't found?
CentOS is based on RHEL (RedHat Enterprise Linux). When a base version of RHEL is released (eg RHEL 5.0 [CentOS 5.0]) the versions of all of the software is 'frozen'. RedHat, however backports security and bug fixes (which CentOS passes along). So although the *appearent* version of Postfix is 2.3 in the repo, it will have the esentual security and bug fixes of the current version (2.7.1). [It may not have any feature enhancements of the current version though.]
Fedora is the *beta testbed* that feeds into RHEL. Fedora is generally NOT recomended for production servers, since it is not generally stable enough. Also, its support lifetime is short (like about a year or less). This means you need to to fresh installs for each new version of Fedora and all sorts of things will likely break (means your production server will be down for days or even weeks every year -- not really good for business!). RHEL / CentOS has a support lifetime of 7 years (from the X.0 release).
There are third-party repos (epel, rpmforge, elrepo) with some updated packages, but you need to be carefull -- it is possible to cause dependency conflicts that could break things. There is also the CentOSPlus repo that has selected updated packages as well.
Thanks,
Matt
MIME-Version: 1.0
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos