[CentOS] How current are packages?

Wed Jul 7 23:40:50 UTC 2010
Robert Heller <heller at deepsoft.com>

At Thu, 8 Jul 2010 00:10:22 +0100 CentOS mailing list <centos at centos.org> wrote:

> 
> 
> 
> I'm relatively new to CentOS. I ordered a VPS and requested CentOS 5.5. As I
> was installing packages, I noticed that some of the versions are pretty old
> - for example, Postfix is v 2.3 in the repo (and, according to Postfix's
> website - no longer mainted). Is this a security risk as the current version
> is 2.7.1?
> 
> Building and compiling Postfix from source seems to cause additional
> problems with yum, so I'm not sure what to do other than perhaps switch to
> something like Fedora. Perhaps there's a third-party repo with updated
> packages that I haven't found?

CentOS is based on RHEL (RedHat Enterprise Linux).  When a base version
of RHEL is released (eg RHEL 5.0 [CentOS 5.0]) the versions of all of
the software is 'frozen'. RedHat, however backports security and bug
fixes (which CentOS passes along).  So although the *appearent* version
of Postfix is 2.3 in the repo, it will have the esentual security and
bug fixes of the current version (2.7.1).  [It may not have any feature
enhancements of the current version though.] 

Fedora is the *beta testbed* that feeds into RHEL.  Fedora is generally
NOT recomended for production servers, since it is not generally stable
enough.  Also, its support lifetime is short (like about a year or
less). This means you need to to fresh installs for each new version of
Fedora and all sorts of things will likely break (means your production
server will be down for days or even weeks every year -- not really
good for business!). RHEL / CentOS has a support lifetime of 7 years
(from the X.0 release). 

There are third-party repos (epel, rpmforge, elrepo) with some updated
packages, but you need to be carefull -- it is possible to cause
dependency conflicts that could break things.  There is also the
CentOSPlus repo that has selected updated packages as well.

> 
> Thanks,
> 
> Matt
> 
> MIME-Version: 1.0
> 
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
> 
>                                                                                      

-- 
Robert Heller             -- 978-544-6933
Deepwoods Software        -- Download the Model Railroad System
http://www.deepsoft.com/  -- Binaries for Linux and MS-Windows
heller at deepsoft.com       -- http://www.deepsoft.com/ModelRailroadSystem/