Hello,
I have two questions which are really CentOS repository related, but they primarily revolve around the Samba packages available.
1) Why is the s390 architecture version of Samba for CentOS 4 so much more up to date than the i386 architecture version? If you open these two links in a browser window... http://isoredirect.centos.org/centos/4/updates/i386/RPMS/ http://isoredirect.centos.org/centos/4/updates/s390/RPMS/ and compare the available rpms, the s390 version of samba is 3.0.25b, while the i386 version of samba is only 3.0.10.
2) On a related note, why does it appear that a recent security update was not applied to the CentOS 4 i386 architecture version of samba?
If you look at the top two patches listed on the Samba homepage here: http://us3.samba.org/samba/history/security.html You will see that they should apply to all versions of samba from 3.0.0 to 3.0.26a. So that would include the i386 CentOS 4 version of samba because it's 3.0.10.
I am on the CentOS Announcements mailing list, and I still have not seen an announcement that this has been fixed in the i386 CentOS 4 version of samba. I have seen announcements for CentOS 3 i386, CentOS 3 x86_64, and even CentOS 4 s390. But not for CentOS 4 i386. What gives?
Thanks, - Bit
on 12/4/2007 10:27 AM Bit spake the following:
> Hello,
> I have two questions which are really CentOS repository related, but they primarily revolve around the Samba packages available.
> - Why is the s390 architecture version of Samba for CentOS 4 so much more up to date than the i386 architecture version? If you open these two links in a browser window... http://isoredirect.centos.org/centos/4/updates/i386/RPMS/ http://isoredirect.centos.org/centos/4/updates/s390/RPMS/ and compare the available rpms, the s390 version of samba is 3.0.25b, while the i386 version of samba is only 3.0.10.
> - On a related note, why does it appear that a recent security update was not applied to the CentOS 4 i386 architecture version of samba?
> If you look at the top two patches listed on the Samba homepage here: http://us3.samba.org/samba/history/security.html You will see that they should apply to all versions of samba from 3.0.0 to 3.0.26a. So that would include the i386 CentOS 4 version of samba because it's 3.0.10.
> I am on the CentOS Announcements mailing list, and I still have not seen an announcement that this has been fixed in the i386 CentOS 4 version of samba. I have seen announcements for CentOS 3 i386, CentOS 3 x86_64, and even CentOS 4 s390. But not for CentOS 4 i386. What gives?
> Thanks,
> - Bit
I think this is part of 4.6, coming to mirrors near you maybe this week.
Scott Silva wrote:
> I think this is part of 4.6, coming to mirrors near you maybe this week.
Correct ...
CentOS-4.6 will be released soon, then they will be in sync again.
There are different maintainers for different arches and different approaches.
But I am the i386/x86_64 maintainer ... and 4.6 will be released as a whole and not in pieces. That is because in the past, certain security upgrades caused bugs when built against a newer package set but released on the older tree. We can not afford for things not to work together so will these two arches (which make up 90% of CentOS users) as upstream did ... with all of the bugfixes, security updates, enhancements together. That is just how they are built and the only way everything is known to coexist.
We just released 5.1 and we have to give our mirror infrastructure time to peak and go back down before we can release 4.6, since we do not have unlimited mirror resources like the upstream guys.
Thanks, Johnny Hughes
Johnny Hughes wrote:
> Correct ...
> CentOS-4.6 will be released soon, then they will be in sync again.
> There are different maintainers for different arches and different approaches.
> But I am the i386/x86_64 maintainer ... and 4.6 will be released as a whole and not in pieces. That is because in the past, certain security upgrades caused bugs when built against a newer package set but released on the older tree. We can not afford for things not to work together so will these two arches (which make up 90% of CentOS users) as upstream did ... with all of the bugfixes, security updates, enhancements together. That is just how they are built and the only way everything is known to coexist.
> We just released 5.1 and we have to give our mirror infrastructure time to peak and go back down before we can release 4.6, since we do not have unlimited mirror resources like the upstream guys.
> Thanks, Johnny Hughes
Thank you for your response.
Since CentOS strives to be a free, binary-identical version of Red Hat, how does this process work? I imagine it goes something like this...
Red Hat releases Red Hat Enterprise Linux AS 4.6 on some date. I can't seem to find the date on redhat.com, but according to wikipedia, it was 15th of November, 2007.[1]
So then once Red Hat releases RHEL AS 4.6, the CentOS team basically downloads the source code/whatever they need, strips out the graphics and other copyrighted material, "CentOS-ifies" it, and then releases it as CentOS 4.6.
Is that basically how this process works?
So then the answer to my Samba related questions is this: Red Hat released the security updates that I mentioned as part of Update 6. They didn't release anything for RHEL 4.5. So naturally, the CentOS team doesn't want to "backport" these updates to CentOS 4.5, they're doing the same thing Red Hat did, releasing the new samba package with the security fixes I mentioned (almost certainly in addition to other fixes) as part of the CentOS Update 6. And personally, I have to say that makes a lot of sense since the point of CentOS is to be as identical to RHEL as possible.
Thanks again for responding, Johnny. Would you please let me know if I got that right and make any necessary corrections?
Thanks, - Bit
[1]http://en.wikipedia.org/wiki/Red_hat_enterprise_linux#Version_history
> Since CentOS strives to be a free, binary-identical version of Red Hat, how does this process work? I imagine it goes something like this...
> Red Hat releases Red Hat Enterprise Linux AS 4.6 on some date. I can't seem to find the date on redhat.com, but according to wikipedia, it was 15th of November, 2007.[1]
> So then once Red Hat releases RHEL AS 4.6, the CentOS team basically downloads the source code/whatever they need, strips out the graphics and other copyrighted material, "CentOS-ifies" it, and then releases it as CentOS 4.6.
> Is that basically how this process works?
> So then the answer to my Samba related questions is this: Red Hat released the security updates that I mentioned as part of Update 6. They didn't release anything for RHEL 4.5. So naturally, the CentOS team doesn't want to "backport" these updates to CentOS 4.5, they're doing the same thing Red Hat did, releasing the new samba package with the security fixes I mentioned (almost certainly in addition to other fixes) as part of the CentOS Update 6. And personally, I have to say that makes a lot of sense since the point of CentOS is to be as identical to RHEL as possible.
> Thanks again for responding, Johnny. Would you please let me know if I got that right and make any necessary corrections?
> Thanks,
> - Bit
I think you have a clear view on this topic. There is also a related thread in the CentOS forum and Johnny's response is comment #14
http://www.centos.org/modules/newbb/viewtopic.php?topic_id=11376&forum=4...
Akemi
Akemi Yagi wrote:
> I think you have a clear view on this topic. There is also a related thread in the CentOS forum and Johnny's response is comment #14
> http://www.centos.org/modules/newbb/viewtopic.php?topic_id=11376&forum=4...
> Akemi
Thanks for your response and the link; that helped a lot.
I think I need to clear up one thing in my post for the sake of posterity.
"Red Hat released the security updates [for samba] that I mentioned as part of Update 6."
That's not really accurate. The samba updates were not really *part* of Update 6, rather they were simply released *after* RHEL released Update 6.
Red Hat constantly releases security updates. So while we're on RHEL 4.5, Red Hat releases security updates and then these updates trickle from RHEL 4.5 down into CentOS 4.5 at a pretty quick pace. But a RHEL Update is a big deal; it significantly changes lots of packages. So after RHEL 4.6 is released, it takes the CentOS team a few weeks to "CentOS-ify" the Update and get CentOS 4.5 up to version 4.6. During those few weeks, Red Hat is still releasing security updates, but they are for RHEL 4.6 and cannot realistically be applied to CentOS 4.5. So we have to wait for CentOS to become 4.6 before it can start receiving security updates again. And THAT'S what causes the short lag in security updates in CentOS after a point release.