Squid 2.4 and Squid 2.5; Security or what!!
hi list.. i was wondering why SuSE is always shipping stable Squid versions in its distro releases, that are over a year old.. for instance, SuSE 7.2 Pro ships with Squid-2.3 STABLE3, by default.. while this is the stable version, Squid-2.4, which is on the CDs as well, is not stable, and is still in beta stages... i am sure SuSE 7.3 Pro has somewhat the same problem, correct me if am wrong.. is it a security issue that SuSE doesn't release it's distros with the latest Squid versions, or something else... the rest of the world is currently working with Squid-2.5, which is soon being released as stable.. what is SuSE up to..?.. any ideas at least when Squid-2.4 will become mainstream..?.. thanks.. AKNIT __________________________________________________ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com
hi list..
i was wondering why SuSE is always shipping stable Squid versions in its distro releases, that are over a year old.. for instance, SuSE 7.2 Pro ships with Squid-2.3 STABLE3, by default.. while this is the stable version, Squid-2.4, which is on the CDs as well, is not stable, and is still in beta stages...
i am sure SuSE 7.3 Pro has somewhat the same problem, correct me if am wrong.. is it a security issue that SuSE doesn't release it's distros with the latest Squid versions, or something else... the rest of the world is currently working with Squid-2.5, which is soon being released as stable.. what is SuSE up to..?.. any ideas at least when Squid-2.4 will become mainstream..?..
thanks.. AKNIT
There is no benefit of having the most recent version around if it crashes
on you sometimes. "soon released as stable" is not an argument. squid
doesn't have any eyecandy features, so why do you bother in the first
place?
This is a matter of professional version selection in order to provide a
stable and secure operating system with additional software.
This is about maturity and reliability, and believe me, it's better to
have a version out that is a bit grey than having one that needs a cron
daemon to check if it is still running (or if there are updates
available). The developers of these software packages greatly appreciate
that we don't ship any beta software on our CDs. This gives the software
an according reputation.
Since (even) the default installation gives you the opportunity to
recompile your squid-2.5 package all on your own, I don't see any damage
here.
Roman.
--
- -
| Roman Drahtmüller
okay Roman, understood... thanks for the info.. it's
just that i got a small bug that was treated in
Squid-2.4, something about an insane file size in
Squid swap state.. i like to use the SuSE verions of
squid because i think it's thoroughly tested and more
stable.. but what about the patches that were applied
to the problems in these earlier versions..
thanks.. AKNIT
--- Roman Drahtmueller
i was wondering why SuSE is always shipping stable Squid versions in its distro releases, that are
year old.. for instance, SuSE 7.2 Pro ships with Squid-2.3 STABLE3, by default.. while this is the stable version, Squid-2.4, which is on the CDs as well, is not stable, and is still in beta stages...
i am sure SuSE 7.3 Pro has somewhat the same
correct me if am wrong.. is it a security issue
SuSE doesn't release it's distros with the latest Squid versions, or something else... the rest of
over a problem, that the
world is currently working with Squid-2.5, which is soon being released as stable.. what is SuSE up to..?.. any ideas at least when Squid-2.4 will become mainstream..?..
thanks.. AKNIT
There is no benefit of having the most recent version around if it crashes on you sometimes. "soon released as stable" is not an argument. squid doesn't have any eyecandy features, so why do you bother in the first place?
This is a matter of professional version selection in order to provide a stable and secure operating system with additional software. This is about maturity and reliability, and believe me, it's better to have a version out that is a bit grey than having one that needs a cron daemon to check if it is still running (or if there are updates available). The developers of these software packages greatly appreciate that we don't ship any beta software on our CDs. This gives the software an according reputation.
Since (even) the default installation gives you the opportunity to recompile your squid-2.5 package all on your own, I don't see any damage here.
Roman. -- - - | Roman Drahtmüller
// "You don't need eyes to see, | SuSE GmbH - Security Phone: // you need vision!" | Nürnberg, Germany +49-911-740530 // Maxi Jazz, Faithless | - - -- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
__________________________________________________ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com
On Monday 21 January 2002 17:23, you wrote:
okay Roman, understood... thanks for the info.. it's just that i got a small bug that was treated in Squid-2.4, something about an insane file size in Squid swap state.. i like to use the SuSE verions of squid because i think it's thoroughly tested and more stable.. but what about the patches that were applied to the problems in these earlier versions..
On this point, I reported a problem in Squid's Bugzilla, a while back, when running Red Hat, this was after a fair amount of investigation of a number of squid issues, most of which had patches available for download. The nice thing with rpm was (well under RH at least), that it was relatively easy to judge, from the spec file and patches applied to the 'pristine sources', what state the package actually was in. Using source rpm's and updating them for new pristine sources, or additional patches applied by altering the spec file, makes upgrading much simpler and less error prone. Can't you simply adapt the SuSE source rpm, with a new release in the same way? The SuSE ones I've loaded include dif files, perhaps not quite as simple as seperate fix patches, and one for configuration, that Red Hat use, but it should be not too difficult to follow the modifications. Rob
On Mon, Jan 21, 2002 at 04:50:08PM +0000, Mark Tinka wrote:
hi list..
Hi Mark,
i was wondering why SuSE is always shipping stable Squid versions in its distro releases, that are over a year old.. for instance, SuSE 7.2 Pro ships with Squid-2.3 STABLE3, by default.. while this is the stable version, Squid-2.4, which is on the CDs as well, is not stable, and is still in beta stages...
i am sure SuSE 7.3 Pro has somewhat the same problem, correct me if am wrong.. is it a security issue that
On 7.3 you'll find squid-2.3.STABLE4 and squid-2.4.STABLE2 which I think is reasonable. When you want to run newer versions you will have to roll your own anyway because we can't update the CDs that are already sold. Our aim is, first of all, to provide stable packages for all other people :) Carrying around three versions of squid is a bit much, same holds true for the bind stuff -- it is (we dropped bind 4, so it was) hard to maintain packages with the whole bunch of stable _and_ beta releases of bind 4, 8 and 9 properly. Plus bugfix/security updates. Especially if you take into account their turnover rate ;) Somewhere you have to draw a line.
SuSE doesn't release it's distros with the latest Squid versions, or something else... the rest of the world is currently working with Squid-2.5, which is soon being released as stable.. what is SuSE up to..?.. any ideas at least when Squid-2.4 will become mainstream..?..
Isn't it? Peter -- VFS: Busy inodes after unmount. Self-destruct in 5 seconds. Have a nice day...
participants (4)
-
Mark Tinka
-
Peter Poeml
-
Robert Davies
-
Roman Drahtmueller