On 12/14/20 3:47 PM, Leroy Tennison wrote: > The whole issue of "support longevity" raises an issue I've been pondering, > is 10-year support a good thing from a security perspective? At work we use > Ubuntu LTS which has only a five year support cycle (you can pay for an extra > five years) but, even with that, issues have arisen. Although they do > security and bug fix updates, the package versions remain basically the same. > So, if a package is on version 1.2.3, it remains 1.2.3 with bug fixes and > security patches for the life of the distribution. Does Red Hat/CentOS do the > same thing?
Yes. Nearly always. Exceptions are in release notes as "rebasing". > The reason I ask is I ran into an issue where OpenVPN was updated in a later > release to support a more robust security architecture which wasn't available > until I upgraded. A configuration change could have addressed a security > weakness in the older version so that the issue wasn't one of a security > patch. This, in a nutshell, is why it is better for stability within a release, to back-port fixes. Yes, it takes a lot more effort by Red Hat to maintain software this way. When you decide a package needs a significantly newer version, that's when you start looking at new releases of the OS. _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos