[CentOS] Backporting and Apache 2.0.52 is 4 1/2 years old
Lanny Marcus
lmmailinglists at gmail.com
Mon Mar 23 01:50:44 UTC 2009
On 3/22/09, Rob Townley <rob.townley at gmail.com> wrote:
> http://httpd.apache.org/security/vulnerabilities_20.html
> states that Apache 2.0.52 is 4 years old and the latest version is 2.0.68.
> i am no longer a httpd expert, but at least one of the security fixes
> involves XSS attacks via malformed ftp commands. I also realize that
> redhat / centos may patch things separately from Apache and that the
> sysadmin has a great deal to do with how secure things are, but
> almost 5 years?
This is an Enterprise Distro and very rarely has the latest and
greatest. It is supported for a long time and security updates are
backported. The life is 7 years. Much longer than the life of a Distro
with the latest and greatest.
> Does the sysadmin for www.centos.org get paid?
The CentOS team work for free on this project and they do an
outstanding job. They also have full times jobs, so they are very
busy.
If you want the latest and greatest, you can install it yourself, but
if it breaks, it's your problem. Decide which you want; (a) Long life,
stability and security or (b) latest and greatest stuff.
More information about the CentOS
mailing list