There will always be some lag.  If you look at
ftp://ftp.suse.com/pub/suse/s390/update/7.0 you'll see various updates.
Many of them are security related.  I don't see a PHP update there, however,
and that was a fairly serious exposure.

Mark Post

-----Original Message-----
From: Holly, Jason [mailto:[EMAIL PROTECTED]]
Sent: Friday, April 05, 2002 9:53 AM
To: [EMAIL PROTECTED]
Subject: Re: php, suse sles 2.4.7 and s390


i think someone mentioned "patch regression" earlier this week as a pitfall
of ./configure-make-make install...

sot: has anyone noticed a pattern to suse patch availability?  how often are
patches being announced?  is there a lag between sec-bulletins and
availability?

-----Original Message-----
From: Patterson, Ross [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 04, 2002 12:22 PM
To: [EMAIL PROTECTED]
Subject: Re: php, suse sles 2.4.7 and s390


Dennis G. Wicks <[EMAIL PROTECTED]> writes:
> I checked Apache, gcc, Perl, PHP, proftp(d) and samba on three vendors
> sites.

Taking the easy route out (since this is really a theological
discussion), I checked the Red Hat 7.2 source RPMs for Apache,
GCC (2.96 and 3.0), Perl, PHP, and Samba (couldn't easily locate
proftp). There were many differences from the stock downloads,
none of which would be clear without examining the spec files
in the source RPMs:

        1) The Apache source RPM contains 9 patches beyond the
           1.3.20 level, changes the default config files during
           setup, specifies 8 interesting-looking configuration
           options, and wires Apache into the /etc/rc.d facility.

        2) The GCC 2.96 source RPM contains 4 additional source
           components (including two tar files) and an astonishing
           334 patches beyond the 2.96 level, and specifies 9
           interesting-looking configuration options.

        3) The GCC 3.0 source RPM contains 16 patches beyond the 3.0.2
           level, and specifies 3 interesting-looking configuration
           options.

        4) The Perl source RPM contains 10 patches beyond the 5.6.0
           level, specifies 11 interesting-looking configuration options,
           and generates a bunch of header and doc files during
           installation.

        5) The PHP source RPM contains 7 patches beyond the 4.0.6
           level, and specifies 35 interesting-looking configuration
           options.

        6) The Samba source RPM contains 14 patches beyond the 2.2.1a
           level, and specifies 8 interesting-looking configuration
           options.

Red Hat isn't alone in this, I've seen it time and again with all
the major distributions.  And it's a good thing - many of these
patches are important, and the source RPM mechanism makes it
patently obvious that you're receiving post-shipment maintenance
in them.

I stand by my statement that you need to go to your distribution
for replacement packages.  You run the risk of losing function or
unfixing bugs during "upgrades" if you don't.

Ross Patterson
Computer Associates
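
The spec-file check described in the thread, as an added example that is not part of the original messages: it lists the patches a spec declares, flags any that are declared but never applied in %prep, and collects the configure options. The sample spec, the package name "exampled" and the function name audit_spec are constructed for illustration.

```python
import re

# Constructed sample spec, not taken from any real source RPM.
SAMPLE_SPEC = r"""
Name: exampled
Version: 1.0.0
Source0: exampled-%{version}.tar.gz
Patch0: exampled-1.0.0-config.patch
Patch1: exampled-1.0.0-bufsize.patch
Patch2: exampled-1.0.0-unused.patch

%prep
%setup -q
%patch0 -p1
%patch -P 1 -p1

%build
./configure --prefix=/usr \
    --with-ssl \
    --enable-shared
make
"""

PATCH_DECL = re.compile(r"^Patch(\d*):[ \t]*(\S+)", re.I | re.M)
PATCH_APPLY = re.compile(r"^%patch(\d*)\b(.*)$", re.M)
CONFIGURE = re.compile(r"^[ \t]*(?:\./configure|%configure)\b(.*)$", re.M)

def audit_spec(text):
    """Return declared patches, declared-but-unapplied patch numbers, configure options."""
    text = re.sub(r"\\\n", " ", text)  # join backslash line continuations
    declared = {int(n or 0): name for n, name in PATCH_DECL.findall(text)}
    applied = set()
    for num, rest in PATCH_APPLY.findall(text):
        explicit = re.findall(r"-P\s*(\d+)", rest)  # "%patch -P N" form
        applied.update(int(n) for n in explicit) if explicit else applied.add(int(num or 0))
    if re.search(r"^%auto(?:setup|patch)\b", text, re.M):
        applied = set(declared)  # these macros apply every declared patch
    options = [a for args in CONFIGURE.findall(text)
               for a in args.split() if a.startswith("--")]
    return {"declared": declared,
            "unapplied": sorted(set(declared) - applied),
            "options": options}

if __name__ == "__main__":
    report = audit_spec(SAMPLE_SPEC)
    for n, name in sorted(report["declared"].items()):
        state = "NOT APPLIED" if n in report["unapplied"] else "applied"
        print(f"Patch{n}: {name} ({state})")
    print("configure options:", " ".join(report["options"]))
```
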
