I'm relatively new to CentOS. I ordered a VPS and requested CentOS 5.5. As I was installing packages, I noticed that some of the versions are pretty old - for example, Postfix is v 2.3 in the repo (and, according to Postfix's website - no longer mainted). Is this a security risk as the current version is 2.7.1? Building and compiling Postfix from source seems to cause additional problems with yum, so I'm not sure what to do other than perhaps switch to something like Fedora. Perhaps there's a third-party repo with updated packages that I haven't found? Thanks, Matt -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20100708/08396473/attachment.html>
On Wed, Jul 7, 2010 at 4:10 PM, Matthew Valentino <astrochase at gmail.com> wrote:> I'm relatively new to CentOS. I ordered a VPS and requested CentOS 5.5. As I > was installing packages, I noticed that some of the versions are pretty old > - for example, Postfix is v 2.3 in the repo (and, according to Postfix's > website - no longer mainted). Is this a security risk as the current version > is 2.7.1? > Building and compiling Postfix from source seems to cause additional > problems with yum, so I'm not sure what to do other than perhaps switch to > something like Fedora. Perhaps there's a third-party repo with updated > packages that I haven't found? > Thanks, > MattWelcome to CentOS. You may want to read the FAQ at: http://wiki.centos.org/FAQ This one will answer your questions: http://wiki.centos.org/FAQ/General#head-472ce8446ebcfc82ca1800f775ba0e629ac835c7 Please be sure to read the two links in there. :) Akemi
On Jul 7, 2010, at 6:10 PM, Matthew Valentino wrote:> I'm relatively new to CentOS. I ordered a VPS and requested CentOS 5.5. As I was installing packages, I noticed that some of the versions are pretty old - for example, Postfix is v 2.3 in the repo (and, according to Postfix's website - no longer mainted). Is this a security risk as the current version is 2.7.1? > > Building and compiling Postfix from source seems to cause additional problems with yum, so I'm not sure what to do other than perhaps switch to something like Fedora. Perhaps there's a third-party repo with updated packages that I haven't found? > > Thanks,During the support time of the OS, security updates will be made. If not by the package maintainer, then by the upstream Linux vendor. Sometimes, it is by backporting fixes. Sometimes (Firefox for example), an upgrade to a more current version will be made.
At Thu, 8 Jul 2010 00:10:22 +0100 CentOS mailing list <centos at centos.org> wrote:> > > > I'm relatively new to CentOS. I ordered a VPS and requested CentOS 5.5. As I > was installing packages, I noticed that some of the versions are pretty old > - for example, Postfix is v 2.3 in the repo (and, according to Postfix's > website - no longer mainted). Is this a security risk as the current version > is 2.7.1? > > Building and compiling Postfix from source seems to cause additional > problems with yum, so I'm not sure what to do other than perhaps switch to > something like Fedora. Perhaps there's a third-party repo with updated > packages that I haven't found?CentOS is based on RHEL (RedHat Enterprise Linux). When a base version of RHEL is released (eg RHEL 5.0 [CentOS 5.0]) the versions of all of the software is 'frozen'. RedHat, however backports security and bug fixes (which CentOS passes along). So although the *appearent* version of Postfix is 2.3 in the repo, it will have the esentual security and bug fixes of the current version (2.7.1). [It may not have any feature enhancements of the current version though.] Fedora is the *beta testbed* that feeds into RHEL. Fedora is generally NOT recomended for production servers, since it is not generally stable enough. Also, its support lifetime is short (like about a year or less). This means you need to to fresh installs for each new version of Fedora and all sorts of things will likely break (means your production server will be down for days or even weeks every year -- not really good for business!). RHEL / CentOS has a support lifetime of 7 years (from the X.0 release). There are third-party repos (epel, rpmforge, elrepo) with some updated packages, but you need to be carefull -- it is possible to cause dependency conflicts that could break things. There is also the CentOSPlus repo that has selected updated packages as well.> > Thanks, > > Matt > > MIME-Version: 1.0 > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos > >-- Robert Heller -- 978-544-6933 Deepwoods Software -- Download the Model Railroad System http://www.deepsoft.com/ -- Binaries for Linux and MS-Windows heller at deepsoft.com -- http://www.deepsoft.com/ModelRailroadSystem/