I think this is security relevant. Keeping the server software up to date is a part of a good security concept. Sometimes it's possible to "backport" a security fix (e.g. Apache), sometimes it isn't because the code changes are all too big. On SuSE's side they have to ensure that an update doesn't break anything, that is why they don't upgrade to new versions, but fix the "outdated" version. On the other side is the sysadmin. You have to decide what you want: an update of the version that is certified by SuSE (i.e. does not break your current installation), or the possibility to have top notch versions.

I can only tell you how I decided to run things: I use normal distribution packages for the usual things. For things that are visible to the outside in some form (apache, openssl, dbms...), I decided to roll my own. I create packages on a dedicated host and can easily install them on the production hosts (all hosts need to be on the same release level of the OS). I do that with Debian, but I'm sure you can set up these things for RPMs the same way (preinst, postinst scripts etc.). It's more work at the beginning, but pays off later.

peace,
Tom

Erwin Zierler wrote:
I had the impression upgrading to a less buggy and more secure version of a certain package - esp. when we are talking about servers which are accessible to the whole world in many cases - would fall into the category 'security related'. Please accept my apologies and also ignore this and my previous message. The reason I sent it to the list too was because again I figured this would be interesting for people who have to maintain different servers with all kinds of different daemons (securely) running.
End of discuss-ion/ing on my part.