On 3/22/09, Rob Townley <rob.townley at gmail.com> wrote: > http://httpd.apache.org/security/vulnerabilities_20.html > states that Apache 2.0.52 is 4 years old and the latest version is 2.0.68. > i am no longer a httpd expert, but at least one of the security fixes > involves XSS attacks via malformed ftp commands. I also realize that > redhat / centos may patch things separately from Apache and that the > sysadmin has a great deal to do with how secure things are, but > almost 5 years? This is an Enterprise Distro and very rarely has the latest and greatest. It is supported for a long time and security updates are backported. The life is 7 years. Much longer than the life of a Distro with the latest and greatest. > Does the sysadmin for www.centos.org get paid? The CentOS team work for free on this project and they do an outstanding job. They also have full times jobs, so they are very busy. If you want the latest and greatest, you can install it yourself, but if it breaks, it's your problem. Decide which you want; (a) Long life, stability and security or (b) latest and greatest stuff.