On 12/6/06, Levy, Alan <[EMAIL PROTECTED]> wrote:
I am building it from source to get the latest and greatest version. I have had no problems building apache from source without ldap.
No doubt you're fully aware that mixing RPM and tarball installs is delicate art and you may end multiple versions of the same package installed and little clue about who uses what... but that's your choice. You may actually have the need for that specific new version. If your business need justifies running a version that is not supported by the support contract you pay for, so be it. But sometimes the requirement is due to confusion about security patches. I have frequently found that customers had such requirement on "this or that version" of some package based on the security advisories from CERT. The problem with those is that their "required version to resolve the issue" is based on fixing the issue in the maintenance stream of the package. The stated versions of various distributions in such advisories are the "consumer grade" edition of the distribution, not the Enterprise edition. For the Enterprise Linux editions, we pay the distributor to review those fixes and rework them to fit the stable version that you're running. That way you know you only get the fix for the security issue, and not all the brand new function that may be harmful. The frustrating part is that "everyone" says you need version 1.2.3 to avoid a security problem, and you run 1.1-7 from SuSE. It's often very hard to track down which Enterprise version will address the issues to be solved by 1.2.3. And if you found it, you still may not be able to convince those who set the rules. The response from SuSE on this was that you should ignore those public advisories and trust them on doing their job. So only follow their Enterprise Linux security notices, and install security versions when available. Rob ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
