[CentOS] Re: CentOS Repo Questions (and Samba)

Bit bit2300 at gmail.com
Wed Dec 5 15:53:57 UTC 2007


Johnny Hughes wrote:
> Scott Silva wrote:
>   
>> on 12/4/2007 10:27 AM Bit spake the following:
>>     
>>> Hello,
>>>
>>> I have two questions which are really CentOS repository related, but
>>> they primarily revolve around the Samba packages available.
>>>
>>> 1)  Why is the s390 architecture version of Samba for CentOS 4 so much
>>> more up to date than the i386 architecture version?  If you open these
>>> two links in a browser window...
>>> http://isoredirect.centos.org/centos/4/updates/i386/RPMS/
>>> http://isoredirect.centos.org/centos/4/updates/s390/RPMS/
>>> and compare the available rpms, the s390 version of samba is 3.0.25b,
>>> while the i386 version of samba is only 3.0.10.
>>>
>>> 2)  On a related note, why does it appear that a recent security
>>> update was not applied to the CentOS 4 i386 architecture version of
>>> samba?
>>>
>>> If you look at the top two patches listed on the Samba homepage here:
>>> http://us3.samba.org/samba/history/security.html
>>> You will see that they should apply to all versions of samba from
>>> 3.0.0 to 3.0.26a.
>>> So that would include the i386 CentOS 4 version of samba because it's
>>> 3.0.10.
>>>
>>> I am on the CentOS Announcements mailing list, and I still have not
>>> seen an announcement that this has been fixed in the i386 CentOS 4
>>> version of samba.  I have seen announcements for CentOS 3 i386, CentOS
>>> 3 x86_64, and even CentOS 4 s390.  But not for CentOS 4 i386.  What
>>> gives?
>>>
>>> Thanks,
>>> - Bit
>>>       
>> I think this is part of 4.6, coming to mirrors near you maybe this week.
>>
>>     
> Correct ...
>
> CentOS-4.6 will be released soon, then they will be in sync again.
>
> There are different maintainers for different arches and different
> approaches.
>
> But I am the i386/x86_64 maintainer ... and 4.6 will be released as a
> whole and not in pieces.  That is because in the past, certain security
> upgrades caused bugs when built against a newer package set but released
> on the older tree.  We can not afford for things not to work together so
> will these two arches (which make up 90% of CentOS users) as upstream
> did ... with all of the bugfixes, security updates, enhancements
> together.  That is just how they are built and the only way everything
> is known to coexist.
>
> We just released 5.1 and we have to give our mirror infrastructure time
> to peak and go back down before we can release 4.6, since we do not have
> unlimited mirror resources like the upstream guys.
>
> Thanks,
> Johnny Hughes
>
>
>   
Thank you for your response.

Since CentOS strives to be a free, binary-identical version of Red Hat, 
how does this process work?  I imagine it goes something like this...

Red Hat releases Red Hat Enterprise Linux AS 4.6 on some date.  I can't 
seem to find the date on redhat.com, but according to wikipedia, it was 
15th of November, 2007.[1]

So then once Red Hat releases RHEL AS 4.6, the CentOS team basically 
downloads the source code/whatever they need, strips out the graphics 
and other copyrighted material, "CentOS-ifies" it, and then releases it 
as CentOS 4.6.

Is that basically how this process works?

So then the answer to my Samba related questions is this:  Red Hat 
released the security updates that I mentioned as part of Update 6.  
They didn't release anything for RHEL 4.5.  So naturally, the CentOS 
team doesn't want to "backport" these updates to CentOS 4.5, they're 
doing the same thing Red Hat did, releasing the new samba package with 
the security fixes I mentioned (almost certainly in addition to other 
fixes) as part of the CentOS Update 6.  And personally, I have to say 
that makes a lot of sense since the point of CentOS is to be as 
identical to RHEL as possible.

Thanks again for responding, Johnny.  Would you please let me know if I 
got that right and make any necessary corrections?

Thanks,
- Bit

[1]http://en.wikipedia.org/wiki/Red_hat_enterprise_linux#Version_history



More information about the CentOS mailing list