[CentOS] mismatch in openssh latest rpm available at centos

Thu Mar 29 13:55:29 UTC 2012
Johnny Hughes <johnny at centos.org>

On 03/28/2012 08:05 PM, Vinay Nagrik wrote:
> Hello Group,
>
> The latest rpm in openssh is 5.8, however, the corresponding latest rpm
> available in centos 5.7  is only
>
> openssh-4.3p2-72.el5_6.3.x86_64.rpm
>
>
> and
> in 6.0 centos is
>
> openssh-5.3p1-20.el6.x86_64.rpm
>
> I have the following questions.
>
> 1. I want to start from src.rpm and where can I get the src.rpm for
> openssh-5.3p1-20.el6.x86_64.rpm.
>
> 2. Can I install openssh-5.3p1-20.el6.x86_64.rpm SAFELY with 5.7 centos
> without causing any problems.

If you rebuild it, if it rebuilds, and if you rebuild anything that
depends on the old one, then yes.  It may not build without newer
"buildrequires" being met though.  And now, every time there is an
upgrade, you have to remember to get the new one and rebuild again.  You
also have to track any changes of the new "buildrequires" that you had
to build.

>
> 3. Which of these two rpms will be most compatible with latest openssh rpm
> version 5.8.

They are all compatible ... I don't think any is more compatible than
another.

>
> Please let me know.  It is important for my work.
>
> Any help will be greatly appreciated.
>

Unless you are going to look at the CVE website every day for ssh
vulnerabilities and roll in patches or get new code from openssh
directly for every one, then you want to stay with what is in the distro.

Red Hat uses backporting for security issues:

https://access.redhat.com/security/updates/backporting/

If you rebuild a new ssh, you will also have to rebuild any packages
that are built against the old openssh against the new openssh.

If you are concerned about security ... that is the whole purpose of
enterprise linux ... it backports security patches for 10 years while
maintaining consistent APIs/ABIs. 

If you want the latest packages on your machine, then you want Fedora
and not CentOS.
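
Added example (not part of the original message, and not CentOS or Red Hat code): because security fixes are backported, the upstream version in the package name does not tell you whether a fix is present, but the package changelog does. The sketch below reads changelog text in the format printed by `rpm -q --changelog openssh`; the sample entries, packager name and CVE identifiers are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in the format printed by `rpm -q --changelog openssh`.
# The entries and CVE identifiers are placeholders, not real advisories.
sample_changelog() {
cat <<'EOF'
* Tue Jan 10 2012 Constructed Packager <pkg@example.org> - 4.3p2-72.3
- backport fix for forced command bypass (CVE-0000-0002)

* Mon Aug 01 2011 Constructed Packager <pkg@example.org> - 4.3p2-72.1
- fix crash in key exchange (CVE-0000-0001)
- update man page
EOF
}

# List every CVE id mentioned in a changelog read from stdin, once each.
changelog_cves() {
    grep -Eo 'CVE-[0-9]{4}-[0-9]{4,}' | sort -u
}

# Print the version-release of the changelog entry that mentions CVE $1.
# Exit status is 1 when the changelog never mentions it.
# Assumes each entry header ends with the version-release field.
fixed_in_release() {
    awk -v cve="$1" '
        /^\* / { rel = $NF }                  # entry header: remember its release
        $0 ~ (cve "([^0-9]|$)") {             # exact id, not a longer one
            print rel; found = 1; exit
        }
        END { exit found ? 0 : 1 }
    '
}

# Demo on the constructed sample: upstream version stays 4.3p2,
# yet the fix shows up in a later distro release of the same version.
sample_changelog | fixed_in_release CVE-0000-0001

# On an installed system the same functions read the real changelog:
#   rpm -q --changelog openssh | changelog_cves
#   rpm -q --changelog openssh | fixed_in_release CVE-XXXX-NNNN
```

A miss from `fixed_in_release` only means the changelog does not name that CVE; the vendor's advisory pages remain the authoritative record of which release carries a fix.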
