keeping the packages up to date
Karl Larsen
k5di at zianet.com
Sun Jun 29 16:41:43 UTC 2008
Michael P. Varre wrote:
>
>
> I recently started using Ubuntu server LTS for some production web servers
> due to the fact that it is SO easy to run. However, usually I guess you get
> what you pay for. I've noticed that many major packages for things such as
> Apache2 and PHP5 don't really stay up to date too much. For instance the
> newest package available using aptitude is 2.0.55, yet the newest available
> on apache.org is 2.0.63.
>
>
>
> Now, I understand the package maintainers mostly keep these up to date out
> of the kindness of their heart and in their spare time, and really we'd all
> be nowhere without them. However, do many have an issue running these
> systems that are so out of date due to security concerns?
>
>
>
> Are many admins out there really running Ubuntu LTS in production
> environments that face the internet?
>
>
>
> Just wondering if anyone has any thoughts on this issue as two of my boxes
> were recently compromised and frankly I don't know if it was my system or
> the application running on it, or a combination of the two and I'm not sure
> what I should plan on doing in the future
>
>
>
> Thanks!
>
>
>
>
>
You are looking at one side of the coin. Another larger side is Web
Database Applications with PHP and MySQL. I have the O'Reilly 2nd
edition and it talks to openssl-0.9.7c which was the latest in 2004.
Apache was 2.0.47 which was new then. These versions work fine on real
web pages doing business today. You don't need the latest unless it has
a function you need. This is not often the case.
Karl
--
Karl F. Larsen, AKA K5DI
Linux User
#450462 http://counter.li.org.
PGP 4208 4D6E 595F 22B9 FF1C ECB6 4A3C 2C54 FE23 53A7
More information about the ubuntu-users
mailing list