On 11/12/2010 3:44 PM, Philip Amadeo Saeli wrote:
> * Robert Heller <heller at deepsoft.com> [2010-11-07 07:13:27 -0500]:
>> At Sun, 7 Nov 2010 00:17:31 -0500 CentOS mailing list <centos at centos.org> wrote:
>>
>>> I'm maintaining an internet-facing web server which is now running httpd
>>> 2.0.63 (httpd-2.0.63-2.el4s1.centos.2) which is now nearly 2.5 years
>>> old(!?!). I need to move to either 2.0.64 or 2.2.12 or later. However,
>>> I've been unable to find available RPMs for such releases for CentOS
>>> 4.x.
>>>
>>> I have to believe that others have these needs also. In light of this,
>>> how do others keep up with security upgrades for the httpd? I'm rather
>>> new to this aspect of things, so am still in the process of sorting
>>> things out in this regard.
>> Red Hat backports security updates (from newer versions). So long as
>> you have been applying the standard O/S updates (eg 'yum update')
>> regularly, your http is up-to-date WRT security updates.
> This is true for vendor-supported versions. However, for technical
> reasons (i.e., need for additional features or capabilities), we are
> running versions more recent than the vendor-supported ones. Up until
> recently, I have been able to obtain the needed versions (of, e.g.,
> httpd, mysql, and php) from available third-party CentOS repos.
> However, this is no longer the case.
>
> My question in this regard is to find out how this problem is generally
> handled by others. I know anyone who has internet-facing, secure
> servers has to deal with these same issues. Up until now, I've been
> able to trust that the community response would result in the needed
> RPMs showing up in public repos. That model seems to now be broken (if
> indeed it was ever truly viable).
>
> In particular, I need the following package versions (for CentOS 4.x),
> none of which I've been able to locate in any publicly available repo:
>
> 1. httpd-2.0.64 # released: 2010-10-19
> 2. php-5.2.14 # released: 2010-07-22
>
> I have been able to locate packages for php-5.3.3 and am in the process
> of testing them. However, things would be *much* simpler in the short
> term if we could move first to php-5.2.14.
>
> Our longer-range plan is to upgrade the server to CentOS 5, which will
> help quite a bit in this regard. However, in the meantime I'm stuck
> with CentOS 4 on this server due to severe time, resource, and budget
> constraints.

Of note, RHEL 6 was released this week, so CentOS 6 will likely be out maybe around the end of the year. Also, the next version release for RHEL 5 has an option to move to PHP 5.3. It's coming soon. Your time restraints might allow you to jump two major releases! ;)

As for the PHP upgrades. I don't know if you use SquirrelMail or not, but on a v5.x test machine, my upgrade to PHP 5.2 broke SquirrelMail. I didn't bother fixing it. I have recently upgraded that system to PHP 5.3 from EPEL repository and SquirrelMail works again. That's the only thing I found that was broken... Just beware as it was a surprise to me.

John Hinton
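
The backporting point quoted above means a package's version string does not show its patch level; the package changelog is where the applied fixes are recorded. The following is an added example, not part of the original thread: the changelog text and CVE IDs are constructed placeholders, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: report which CVE IDs a package changelog does not mention.
# The changelog below is CONSTRUCTED sample data with placeholder CVE IDs.

sample_changelog() {
cat <<'EOF'
* Mon Jan 01 2001 Example Packager <packager@example.invalid> - 0.0.0-2.example
- add security fix for CVE-0000-1111 (placeholder ID)
- backport fixes for CVE-0000-2222, CVE-0000-3333

* Sun Dec 31 2000 Example Packager <packager@example.invalid> - 0.0.0-1.example
- mod_example: fix crash on empty header (no CVE assigned)
- rework fix for CVE-0000-1111
EOF
}

# Print each distinct CVE ID found on stdin, one per line, sorted.
cves_in_changelog() {
    grep -oE 'CVE-[0-9]{4}-[0-9]{4,}' | sort -u
}

# Usage: missing_cves CVE-ID... < changelog
# Prints the requested IDs that the changelog does NOT mention.
# Exit status is 0 if every ID is present, 1 if any is missing.
missing_cves() {
    local found id rc=0
    found=$(cves_in_changelog)
    for id in "$@"; do
        # -x: whole-line match, -F: literal string, so partial IDs never match
        if ! printf '%s\n' "$found" | grep -qxF -- "$id"; then
            printf '%s\n' "$id"
            rc=1
        fi
    done
    return $rc
}

# On a real host, feed the installed package's changelog instead:
#   rpm -q --changelog httpd | missing_cves CVE-ID...
```

An ID missing from the changelog is a prompt to check the vendor's advisory for that package, since a fix may be listed under a different ID or judged not applicable to the shipped version.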