Squid 2.4 and Squid 2.5; Security or what!!

older
RE: [suse-security] Is bind 9.1.0...

Mark Tinka

21 Jan 2002 21 Jan '02

16:50

hi list.. i was wondering why SuSE is always shipping stable Squid versions in its distro releases, that are over a year old.. for instance, SuSE 7.2 Pro ships with Squid-2.3 STABLE3, by default.. while this is the stable version, Squid-2.4, which is on the CDs as well, is not stable, and is still in beta stages... i am sure SuSE 7.3 Pro has somewhat the same problem, correct me if am wrong.. is it a security issue that SuSE doesn't release it's distros with the latest Squid versions, or something else... the rest of the world is currently working with Squid-2.5, which is soon being released as stable.. what is SuSE up to..?.. any ideas at least when Squid-2.4 will become mainstream..?.. thanks.. AKNIT __________________________________________________ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com

Show replies by date

Roman Drahtmueller

21 Jan 21 Jan

17:01

New subject: [suse-security] Squid 2.4 and Squid 2.5; Security or what!!

...

hi list..

i was wondering why SuSE is always shipping stable Squid versions in its distro releases, that are over a year old.. for instance, SuSE 7.2 Pro ships with Squid-2.3 STABLE3, by default.. while this is the stable version, Squid-2.4, which is on the CDs as well, is not stable, and is still in beta stages...

i am sure SuSE 7.3 Pro has somewhat the same problem, correct me if am wrong.. is it a security issue that SuSE doesn't release it's distros with the latest Squid versions, or something else... the rest of the world is currently working with Squid-2.5, which is soon being released as stable.. what is SuSE up to..?.. any ideas at least when Squid-2.4 will become mainstream..?..

thanks.. AKNIT

There is no benefit of having the most recent version around if it crashes on you sometimes. "soon released as stable" is not an argument. squid doesn't have any eyecandy features, so why do you bother in the first place? This is a matter of professional version selection in order to provide a stable and secure operating system with additional software. This is about maturity and reliability, and believe me, it's better to have a version out that is a bit grey than having one that needs a cron daemon to check if it is still running (or if there are updates available). The developers of these software packages greatly appreciate that we don't ship any beta software on our CDs. This gives the software an according reputation. Since (even) the default installation gives you the opportunity to recompile your squid-2.5 package all on your own, I don't see any damage here. Roman. -- - - | Roman Drahtmüller // "You don't need eyes to see, | SuSE GmbH - Security Phone: // you need vision!" | Nürnberg, Germany +49-911-740530 // Maxi Jazz, Faithless | - -

Mark Tinka

17:23

New subject: [suse-security] Squid 2.4 and Squid 2.5; Security or what!!

okay Roman, understood... thanks for the info.. it's just that i got a small bug that was treated in Squid-2.4, something about an insane file size in Squid swap state.. i like to use the SuSE verions of squid because i think it's thoroughly tested and more stable.. but what about the patches that were applied to the problems in these earlier versions.. thanks.. AKNIT --- Roman Drahtmueller wrote: > > hi list..

...

...
i was wondering why SuSE is always shipping stable Squid versions in its distro releases, that are

...
year old.. for instance, SuSE 7.2 Pro ships with Squid-2.3 STABLE3, by default.. while this is the stable version, Squid-2.4, which is on the CDs as well, is not stable, and is still in beta stages...

i am sure SuSE 7.3 Pro has somewhat the same

...
correct me if am wrong.. is it a security issue

...
SuSE doesn't release it's distros with the latest Squid versions, or something else... the rest of

over a problem, that the

...
world is currently working with Squid-2.5, which is soon being released as stable.. what is SuSE up to..?.. any ideas at least when Squid-2.4 will become mainstream..?..

thanks.. AKNIT

There is no benefit of having the most recent version around if it crashes on you sometimes. "soon released as stable" is not an argument. squid doesn't have any eyecandy features, so why do you bother in the first place?

This is a matter of professional version selection in order to provide a stable and secure operating system with additional software. This is about maturity and reliability, and believe me, it's better to have a version out that is a bit grey than having one that needs a cron daemon to check if it is still running (or if there are updates available). The developers of these software packages greatly appreciate that we don't ship any beta software on our CDs. This gives the software an according reputation.

Since (even) the default installation gives you the opportunity to recompile your squid-2.5 package all on your own, I don't see any damage here.

Roman. -- - - | Roman Drahtmüller // "You don't need eyes to see, | SuSE GmbH - Security Phone: // you need vision!" | Nürnberg, Germany +49-911-740530 // Maxi Jazz, Faithless | - -

-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com

__________________________________________________ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com

Robert Davies

19:14

New subject: [suse-security] Squid 2.4 and Squid 2.5; Security or what!!

On Monday 21 January 2002 17:23, you wrote:

...

okay Roman, understood... thanks for the info.. it's just that i got a small bug that was treated in Squid-2.4, something about an insane file size in Squid swap state.. i like to use the SuSE verions of squid because i think it's thoroughly tested and more stable.. but what about the patches that were applied to the problems in these earlier versions..

On this point, I reported a problem in Squid's Bugzilla, a while back, when running Red Hat, this was after a fair amount of investigation of a number of squid issues, most of which had patches available for download. The nice thing with rpm was (well under RH at least), that it was relatively easy to judge, from the spec file and patches applied to the 'pristine sources', what state the package actually was in. Using source rpm's and updating them for new pristine sources, or additional patches applied by altering the spec file, makes upgrading much simpler and less error prone. Can't you simply adapt the SuSE source rpm, with a new release in the same way? The SuSE ones I've loaded include dif files, perhaps not quite as simple as seperate fix patches, and one for configuration, that Red Hat use, but it should be not too difficult to follow the modifications. Rob

Peter Poeml

18:43

New subject: [suse-security] Squid 2.4 and Squid 2.5; Security or what!!

On Mon, Jan 21, 2002 at 04:50:08PM +0000, Mark Tinka wrote:

...

hi list..

Hi Mark,

...

i was wondering why SuSE is always shipping stable Squid versions in its distro releases, that are over a year old.. for instance, SuSE 7.2 Pro ships with Squid-2.3 STABLE3, by default.. while this is the stable version, Squid-2.4, which is on the CDs as well, is not stable, and is still in beta stages...

i am sure SuSE 7.3 Pro has somewhat the same problem, correct me if am wrong.. is it a security issue that

On 7.3 you'll find squid-2.3.STABLE4 and squid-2.4.STABLE2 which I think is reasonable. When you want to run newer versions you will have to roll your own anyway because we can't update the CDs that are already sold. Our aim is, first of all, to provide stable packages for all other people :) Carrying around three versions of squid is a bit much, same holds true for the bind stuff -- it is (we dropped bind 4, so it was) hard to maintain packages with the whole bunch of stable _and_ beta releases of bind 4, 8 and 9 properly. Plus bugfix/security updates. Especially if you take into account their turnover rate ;) Somewhere you have to draw a line.

...

SuSE doesn't release it's distros with the latest Squid versions, or something else... the rest of the world is currently working with Squid-2.5, which is soon being released as stable.. what is SuSE up to..?.. any ideas at least when Squid-2.4 will become mainstream..?..

Isn't it? Peter -- VFS: Busy inodes after unmount. Self-destruct in 5 seconds. Have a nice day...

8140

Age (days ago)

8140

Last active (days ago)

List overview

Download

4 comments

4 participants

participants (4)

Mark Tinka
Peter Poeml
Robert Davies
Roman Drahtmueller