Re: where? security updates for FC4
Florin Andrei wrote: Now that the Legacy project is shutting down, the biggest problem becomes the security updates. FL never provided anything else than security updates. I have an FC4 server that I plan to keep running until CentOS 5 comes out, but I also have to apply security patches to this machine meanwhile. What would be the best source of security updates for FC4 short-term? SRPMs from FC5 or FC6, recompiled? But then there might be some dependency issues that might get ugly. SRPMs from RHEL or CentOS? Which version would be closest to FC4? Again, I expect some dependency issues here. Of course, one can always download the upstream tarballs and generate packages, but somehow I suspect this to be the most difficult method. Any other suggestions? You could upgrade to FC5 and later upgrade to CentOS 5? Nils Breunese. PGP.sig Description: Dit deel van het bericht is digitaal ondertekend -- fedora-legacy-list mailing list fedora-legacy-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-legacy-list
Re: where? security updates for FC4
Michal Jaegermann wrote: On Wed, Jan 03, 2007 at 02:55:04PM -0800, Florin Andrei wrote: But then there might be some dependency issues that might get ugly. What dependencies? Either you edited spec and recompiled results, which means among other things that you are not using a version which is too high for other packages which may be using it, or this is not doable. In both cases you do not have any dependency problems although in the second case you are also missing an update. Such as an FC6 application requiring a certain library version that cannot be found on FC4, so then the library needs an upgrade, which sometimes may require another thing to be upgraded, and so on. I've seen this before. SRPMs from RHEL or CentOS? They are really the same. Which version would be closest to FC4? Version of what? RHEL or CentOS. Since they are really the same, you know. ;-) If all of that would be so automatic as you seem to imagine I was merely asking for common sense suggestions. I do not expect anything to happen as if by magic. -- Florin Andrei http://florin.myip.org/ -- fedora-legacy-list mailing list fedora-legacy-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-legacy-list
Re: where? security updates for FC4
Karanbir Singh wrote: Nils Breunese (Lemonbit) wrote: You could upgrade to FC5 and later upgrade to CentOS 5? Will most likely not work as expected : FC5 updates are going to out strip the E-V-R for similar packages in EL5. And there is the issue of orphan packages that in turn might be required based on installed role. And that won't happen when he stays at FC4 and then upgrades to CentOS when it comes out? I have to say I don't exactly understand what you're saying there though. I guess that if Florin wants a nice clean CentOS 5 system it might better to reinstall. Nils Breunese. PGP.sig Description: Dit deel van het bericht is digitaal ondertekend -- fedora-legacy-list mailing list fedora-legacy-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-legacy-list
Re: where? security updates for FC4
On Wed, Jan 03, 2007 at 04:44:56PM -0800, Florin Andrei wrote: Michal Jaegermann wrote: Version of what? RHEL or CentOS. Since they are really the same, you know. ;-) What you are interested in differs only by identifier strings in release parts. CentOS on purpose _precisely_ tracks RHEL only removing and/or replacing things like artworks, identifiers, etc. in order not to violate copyrights or create false impressions. As you can guess there are delays, ranging from few hours to few days, before CentOS equivalents of RHEL updates are showing on mirrors. I was merely asking for common sense suggestions. I do not expect anything to happen as if by magic. So you got, I hope, what you asked for. OTOH it is definitely easier to maintain some specific machines than a whole distro. You do have much more leeway. Patching sources of packages you are using is the safest and the most correct course of action. Still it happens then the only sane thing to do is to upgrade a version of something. Michal -- fedora-legacy-list mailing list fedora-legacy-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-legacy-list
Re: where? security updates for FC4
Nils Breunese (Lemonbit) wrote: I guess that if Florin wants a nice clean CentOS 5 system it might better to reinstall. Exactly. Meanwhile, I have to keep this silly FC4 box on life support, cross my fingers, prepare for the worst and hope for the best. It's the prepare for the worst part that I'm trying to disentangle now. -- Florin Andrei http://florin.myip.org/ -- fedora-legacy-list mailing list fedora-legacy-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-legacy-list
Re: where? security updates for FC4
On Wed, Jan 03, 2007 at 02:55:04PM -0800, Florin Andrei wrote: Now that the Legacy project is shutting down, the biggest problem becomes the security updates. I have an FC4 server that I plan to keep running until CentOS 5 comes out, but I also have to apply security patches to this machine meanwhile. What would be the best source of security updates for FC4 short-term? It depends of course on what you are running on this system, but at the very least you will be concerned with the kernel. In theory you can use any newer kernel, but usually you need to stick to the known features and bugs of the kernel you are running. So the best source for security updates is using sources from FC4 and patching them with security fixes of issues being announced. But that was exactly what FL was about and is too much work for a single person/server. So the true answer is: There are no security updates for FC4 and no healthy way to provide some short of resurrecting FL. My advice is to try to harden security in other ways (iptables, fail2ban etc) and schedule either an upgrade to FC6 or a reinstall to RHEL4/5 as soon as possible. -- Axel.Thimm at ATrpms.net pgpil17p6igOx.pgp Description: PGP signature -- fedora-legacy-list mailing list fedora-legacy-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-legacy-list
Re: where? security updates for FC4
Karanbir Singh wrote: FC5 installed and then updated with all released packages will contain packages that will by the time CentOS-5 is out there, already be newer than whats included in CentOS-5. Which will create problems since those packages will then not get yum updated to whats in the centos-5 repo's. I thought CentOS 5 was going to be based on FC6 and that therefore it would be (kind of) possible to upgrade from FC5 to CentOS 5, but I guess I'm wrong then. Nils Breunese. PGP.sig Description: Dit deel van het bericht is digitaal ondertekend -- fedora-legacy-list mailing list fedora-legacy-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-legacy-list
Re: where? security updates for FC4
Nils Breunese (Lemonbit) wrote: I thought CentOS 5 was going to be based on FC6 and that therefore it would be (kind of) possible to upgrade from FC5 to CentOS 5, but I guess I'm wrong then. At release time, FC5 would have older packages than FC6 at release time, but FC5 has since seen updates etc. Eg. fc5 release firefox : firefox-1.5.0.1-9 fc5 latest firefox : firefox-1.5.0.9-1.fc5 fc6 release firefox : firefox-1.5.0.7-7.fc6 fc6 latest firefox : firefox-1.5.0.9-1.fc6 centos-5beta firefox : firefox-1.5.0.8-1.el5.centos -- Karanbir Singh : http://www.karan.org/ : [EMAIL PROTECTED] -- fedora-legacy-list mailing list fedora-legacy-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-legacy-list
Re: where? security updates for FC4
On Thu, Jan 04, 2007 at 03:04:48AM +, Karanbir Singh wrote: Nils Breunese (Lemonbit) wrote: At release time, FC5 would have older packages than FC6 at release time, but FC5 has since seen updates etc. Eg. fc5 release firefox : firefox-1.5.0.1-9 fc5 latest firefox : firefox-1.5.0.9-1.fc5 centos-5beta firefox : firefox-1.5.0.8-1.el5.centos In this particular case this happens to be no problem. 1.5.0.9 is a security fix and firefox-1.5.0.9-0.1.el4.centos4 is in CentOS 4 updates now so whatever will eventually show up will be not lower. Besides I have seen an anoucement, even if I cannot find it currently, that support for firefox-1.5 series will end in not so distant future (April?) and backpatching those browsers is really hard and does not really buy much beyond headaches. In other words you can expect newer versions of Firefox soon. OTOH FC5 still has mozilla with known security issues ( https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=195318 ) so maybe I am too optimistic here. Michal -- fedora-legacy-list mailing list fedora-legacy-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-legacy-list