keeping the packages up to date
Rich Rudnick
rich at aphroneo.net
Wed Jul 2 22:44:39 UTC 2008
On Sun, Jun 29, 2008 at 9:16 AM, Michael P. Varre <mvarre at kishmish.com>
wrote:
> I recently started using Ubuntu server LTS for some production web
> servers due to the fact that it is SO easy to run. However, usually I guess
> you get what you pay for. I've noticed that many major packages for things
> such as Apache2 and PHP5 don't really stay up to date too much. For instance
> the newest package available using aptitude is 2.0.55, yet the newest
> available on apache.org is 2.0.63.
>
> Now, I understand the package maintainers mostly keep these up to date out
> of the kindness of their heart and in their spare time, and really we'd all
> be nowhere without them. However, do many have an issue running these
> systems that are so out of date due to security concerns?
>
Generally security updates are backported into the existing version, so
2.0.55 is not the 'virgin' 2.0.55, but 2.0.55 with the various security
updates that have been released. Possibly not exactly 2.0.63, but very
close. The way to check what is applied is to check
/usr/share/doc/<packagename>/changelog.Debian.gz. I'm not currently on a box
with apache installed, so I can't check myself, but I think you will find
that it is very up to date securitywise.
Are many admins out there really running Ubuntu LTS in production
> environments that face the internet?
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20080702/b16b1eac/attachment.html>
More information about the ubuntu-users
mailing list