On Wed, 2004-12-15 at 16:18 -0800, Michael Rock wrote:> Hi, as far as security advisories from Redhat I only
> see the last update to Postfix being 9/2/04
> 2.0.16-14.RHEL3.
That is what I am using.
>
> Centos3.3 however added a newer version that I am
> currently using which matches the last 2.0 version
> official release at postfix.org.
>
> /pub/cAos/centos-3/3.3/contrib/i386/RPMS/
> postfix-2.0.20-1.centos3.1
>
That is a contrib package ... meaning someone other than the official
CentOS maintainers provided it. It is NOT the official CentOS-3
version.
> Since I am running this as my public smtp server it
> makes me wonder why Redhat has not moved to Postfix
> 2.1 which is the latest official release.
>
RedHat has a policy of backporting fixes ... see this link:
http://www.redhat.com/advice/speaks_backport.html
> Anyone have a opinion whether it is safe to stick with
> Redhats Postfix's release on a public smtp server or
> should I move to 2.1?
RedHat's official versions are (in my opinion) the best from a security
perspective.
>
> thx
>
> -- Mike
---
Johnny Hughes
<http://www.HughesJR.com/>