[CentOS] httpd - mysql - paypal.com.tar - hacker

Jim Perrin jperrin at gmail.com
Fri Aug 21 21:34:27 UTC 2009

On Fri, Aug 21, 2009 at 5:17 PM, Ray Van Dolson<rayvd at bludgeon.org> wrote:

>  - Keep phpMyAdmin up to date.  Best way to do this is to use a
>    package from a well known repository like EPEL that keeps the
>    package at the latest version for you.

I've not beaten EPEL up too much on things like this, but here is one
instance where it counts. EPEL relies on its packagers to keep things
current, and in a startling number of cases, they do not. Case in
point is the wiki software, moin. Moin is at something like 1.8.x or
1.9.x now, and has several posted security issues, which have been
fixed in the most recent versions. EPEL however is still shipping
1.5.9 ->

Just because it's from a well known 3rd party repository doesn't mean
it's fully patched. While your advice to use known repositories is
good, please don't let it fool you into a false sense of security.

During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell

More information about the CentOS mailing list