CentOS - Nov 2016 - CentOS 6.3 packages updates options without upgrading.

On Mon, Nov 7, 2016 at 11:12 PM, John R Pierce <pierce at hogranch.com>
wrote:
> On 11/7/2016 8:33 PM, Dipal Bhatt wrote:
>
>> Unfortunately, there's not possibility in this specific situation
to be
>> able to update from 6.3 -> 6.8.
>>
>
> any such external specifications that insist you run an old obsolete
> operating system are inherently broken.   I hope this server isn't
> connected to the internet, and isn't providing any services to
untrusted
> users.
>
> any RHEL/CentOS 6 compatible applications you have that work on 6.3 that
> won't work on 6.8 are broken.
>
>  * 6.8's kernel is is still 2.6.32, same as 6.3.
>  * 6.8's glibc is still 2.12
>  * 6.8's php is still 5.3
>  * 6.8's mysql is still 5.1
>  * 6.8's postgresql is still 8.4
>  * 6.8's perl is still 5.10
>  * 6.8's python is still 2.6.6
>  * etc etc.
>
> all of these components have security and bug fixes from later releases
> backported to them.

Excellent, and thanks John to clarify the above compatibility factor.  It
seems,  any application that strictly depends on the 6.3 packages must not
be updated to 6.8.  And, outside of that dependency, I gather it should be
safe to update any hand picked packages to the latest is my understanding
here. It seems, in general RHEL tries to maintain ABI level compatibility
but they may not be perfect and they may only test with the packages set
current at the time.  So, it's worth testing and possibly updating to 6.8
packages where there's serious security fixes or such.  But, yes,
there's
no way to update the 6.3 to 6.8 as I repeatedly mentioned which is the only
requirement/constraint.

Thanks again!

On Mon, 7 Nov 2016 23:33:56 -0600
Dipal Bhatt wrote:
> But, yes, there's
> no way to update the 6.3 to 6.8 as I repeatedly mentioned which is the only
> requirement/constraint.
It occurs to me to ask what you consider to be version 6.3.  If you update any
of the rpms to the 6.8 version you are no longer running version 6.3.  If the
spec requires 6.3 and nothing else, then you will no longer be compatible with
the spec as soon as you install the first 6.8 rpm.

On the other hand, if you are allowed to install 6.8 rpms, then what's
keeping you back from doing a proper job instead of a halfway and half-assed
one?

Upgrading "selected packages only" will leave you with something
that's neither fish or fowl, and it won't meet your requirements as
stated either.

-- 
MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com

What constraint is requiring you to run a highly vulnerable server?

On Nov 8, 2016 00:34, "Dipal Bhatt" <dipal.bhatt at gmail.com>
wrote:
> On Mon, Nov 7, 2016 at 11:12 PM, John R Pierce <pierce at
hogranch.com>
> wrote:
>
> > On 11/7/2016 8:33 PM, Dipal Bhatt wrote:
> >
> >> Unfortunately, there's not possibility in this specific
situation to be
> >> able to update from 6.3 -> 6.8.
> >>
> >
> > any such external specifications that insist you run an old obsolete
> > operating system are inherently broken.   I hope this server isn't
> > connected to the internet, and isn't providing any services to
untrusted
> > users.
> >
> > any RHEL/CentOS 6 compatible applications you have that work on 6.3
that
> > won't work on 6.8 are broken.
> >
> >  * 6.8's kernel is is still 2.6.32, same as 6.3.
> >  * 6.8's glibc is still 2.12
> >  * 6.8's php is still 5.3
> >  * 6.8's mysql is still 5.1
> >  * 6.8's postgresql is still 8.4
> >  * 6.8's perl is still 5.10
> >  * 6.8's python is still 2.6.6
> >  * etc etc.
> >
> > all of these components have security and bug fixes from later
releases
> > backported to them.
>
>
> Excellent, and thanks John to clarify the above compatibility factor.  It
> seems,  any application that strictly depends on the 6.3 packages must not
> be updated to 6.8.  And, outside of that dependency, I gather it should be
> safe to update any hand picked packages to the latest is my understanding
> here. It seems, in general RHEL tries to maintain ABI level compatibility
> but they may not be perfect and they may only test with the packages set
> current at the time.  So, it's worth testing and possibly updating to
6.8
> packages where there's serious security fixes or such.  But, yes,
there's
> no way to update the 6.3 to 6.8 as I repeatedly mentioned which is the only
> requirement/constraint.
>
> Thanks again!
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
>

The specs may have certain dependency on subset of 6.3 packages, but not
for all other packages/binaries, as I mentioned earlier.  So, to keep
things rather intact, we would simply meet requirements by only updating
"selected packages only".  And, for now, that should be considered
intermittent solution until we can safely land to a proper job as you
mentioned.  So, would there be any issue by upgrading "selected only
packages" temporarily?  For example, only updating nss-util or openssl to
6.8 version.  Thanks all, appreciated very much.

On Mon, Nov 7, 2016 at 11:43 PM, Frank Cox <theatre at
melvilletheatre.com>
wrote:
> On Mon, 7 Nov 2016 23:33:56 -0600
> Dipal Bhatt wrote:
>
> > But, yes, there's
> > no way to update the 6.3 to 6.8 as I repeatedly mentioned which is the
> only
> > requirement/constraint.
>
> It occurs to me to ask what you consider to be version 6.3.  If you update
> any of the rpms to the 6.8 version you are no longer running version 6.3.
> If the spec requires 6.3 and nothing else, then you will no longer be
> compatible with the spec as soon as you install the first 6.8 rpm.
>
> On the other hand, if you are allowed to install 6.8 rpms, then what's
> keeping you back from doing a proper job instead of a halfway and
> half-assed one?
>
> Upgrading "selected packages only" will leave you with something
that's
> neither fish or fowl, and it won't meet your requirements as stated
either.
>
> --
> MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
>

On 11/7/2016 9:43 PM, Frank Cox wrote:
> Upgrading "selected packages only" will leave you with something
that's neither fish or fowl, and it won't meet your requirements as
stated either.
more specifically, it will be a completely untested configuration.     
considering that any single package can be updated 100s of times in the 
lifetime of a major release (rhel/centos 6 for example), and there's 
1000s of packages, thats an exponential number of combinations, it would 
be insane for the distribution to test every possible combination of 
packages across multiple incremental updates.


-- 
john r pierce, recycling bits in santa cruz