On Tue, Feb 03, 2015 at 21:31:35 +0000, isdtor wrote:
> Fedora is probably a bad example.

True, because it has no LTS, and is sort-of bleeding edge.

> I seriously doubt any Fedora users are running more than one or two
> releases behind current, this is just unlike the target audience.

I saw a statistic just yesterday, which shows the contrary:
http://fedoramagazine.org/wp-content/uploads/2015/02/fedora-os-all-mov_avg.png
Posted in this article:
http://fedoramagazine.org/5tftw-2015-02-03/

> And no sensible admin puts Fedora into the server room anyway.

Agreed. But mutt is not a server program.

> But active distributions of similar vintage can be a concern, like
> RHEL5 and derivatives (which are ok in this regard, I believe -
> openssl-0.9.8e).

Exactly. This is the breaking point: I think you should be looking at
actively supported (non-finally-really-EOL) distributions, minus one
generation perhaps. And we're not just talking Linux, also other Unixes.

Even SLES10 was only finally EOL'd not so long ago, and my previous
employer had an extension on the support. You can't believe how ancient
some of the SW on those systems was. (E.g. glibc 2.4, slightly mixed with
some backported 2.5 code, making it hard to identify the API. :-P) For
critical stuff such as openssl, you always wanted to compile your own
newer versions alongside the system versions. ;-)

Moritz
