Having always up-to-date packages in the core repositories is ideal, but there 
are a couple of reasons I suggested separate yum repositories/PPAs.

1. Getting constant attention for the package from the package maintainer is a 
wildcard, and even if it happens now, you never know what it will be like in 
the future.
2. More importantly: Red Hat does not release package version updates as part of 
its update process; they backport patches into the repository’s current 
version.  While that may work from a functionality standpoint (if new features 
made it into the backports), there could be things in ModSecurity that rely on 
the version number being correct.  While Red Hat/CentOS may be unlike other 
distros in this respect, its use is very widespread.

I certainly wouldn’t oppose up-to-date packages in core repositories, if the 
ModSecurity team decides to pursue this, but the logistics will need careful 
consideration.

Thanks,

Jeremy Brown

From: bpkr...@gmail.com [mailto:bpkr...@gmail.com] 
Sent: Sunday, August 12, 2012 7:25 PM
To: Jeremy Brown; Ryan Barnett; mod-security-us...@lists.sourceforge.net; 
owasp-modsecurity-core-rule-set@lists.owasp.org
Subject: Re: [Owasp-modsecurity-core-rule-set] Using the latest ModSecurity 
Versions

I'm not sure I totally agree. I like not having endless extra repos to track 
and the vetting process that Debian for one has on their stable, backports, and 
volatile branches (though it's not called that anymore). 

It might just be a matter of working a bit more closely with them. 

Thanks, 
Brian

Sent from my mobile device. 

----- Reply message -----
From: "Jeremy Brown" <jerem...@infosend.com>
Date: Fri, Aug 10, 2012 10:01
Subject: [Owasp-modsecurity-core-rule-set] Using the latest ModSecurity Versions
To: "Ryan Barnett" <rbarn...@trustwave.com>, 
"mod-security-us...@lists.sourceforge.net" 
<mod-security-us...@lists.sourceforge.net>, 
"owasp-modsecurity-core-rule-set@lists.owasp.org" 
<owasp-modsecurity-core-rule-set@lists.owasp.org>

Hi Ryan,

+1 to the repo idea.  ModSecurity is the only software I maintain from source, 
because I fight to keep everything else installed from a repo.

I would humbly suggest the ModSecurity team consider running their own yum 
repository and Debian/Ubuntu PPA.  I think it would definitely help keep people 
up to date, and you wouldn't have to rely on upstream maintainers.

Thanks,

Jeremy Brown

===========================================

From: owasp-modsecurity-core-rule-set-boun...@lists.owasp.org 
[mailto:owasp-modsecurity-core-rule-set-boun...@lists.owasp.org] On Behalf Of 
Ryan Barnett
Sent: Friday, August 10, 2012 6:38 AM
To: mod-security-us...@lists.sourceforge.net; 
owasp-modsecurity-core-rule-set@lists.owasp.org
Subject: [Owasp-modsecurity-core-rule-set] Using the latest ModSecurity Versions

Question for the lists - if you are not running the latest version of ModSecurit