Mailinglist Archive: opensuse-security (375 mails)

< Previous Next >
Re: [suse-security] Re: SuSE Security Announcement: xf86 (SuSE-SA:2002:032)
  • From: Roman Drahtmueller <draht@xxxxxxx>
  • Date: Wed, 18 Sep 2002 17:54:12 +0200 (MEST)
  • Message-id: <Pine.LNX.4.44.0209181712550.5951-100000@xxxxxxxxxxxx>
> What if we've used the rpm's off your site to upgrade an older distro to
> XF4.2, such as 7.3 on my notebook? Am I affected as well?

I'm sorry that I might not get the point.

The directory tree that you got the material from is called
"supplementary". This means that the packages therein are from us, they
have been compiled for the specific distribution and that they do not
actually belong to the distribution (otherwise, you'd find them in the
distribution itself).
I have moved this README.txt in place for you. It will be available on the
server within minutes.



README.txt in directory /pub/suse/<arch>/supplementary/ on
or mirrors, dated Wed Sep 18 17:34:24 MEST 2002, auth.: draht@.

Dear SuSE Linux user,

Generally, we do not provide update packages with newer versions in the
official update tree. Our high quality standard forces us to keep to the
versions originally published with a product to maintain the overall system
in a consistent state with regards to cross-dependent packages (think of a
linux system like a building, built with packages like bricks one on top of
another). Fixing a problem in a package with a new version (some openssl
library for example) will most certainly bring about malfunctions in other
parts of the system.
After all, you will definitely not be satisfied if you install a security
fix that renders your system unusable.

The directory /pub/suse/<arch>/supplementary/ contains RPM packages that
originate from SuSE build engines and that are built for the specific
distribution as visible in the directory path that leads to the package.
Some of the packages have been built by their respective package maintainer
at SuSE in his/her spare time. The packages are usually signed with the SuSE
build key build@xxxxxxx, or at least by the personal key of a SuSE employee
so that you can verify that the packages really are from SuSE sources.

We publish these packages as a service to the community (you) because many
users of the SuSE Linux operating system wish to use newer versions of
specific packages due to feature or hardware support constraints in older
SuSE Linux versions without the obligation to upgrade the entire system.
Even though these packages have been built for the specific SuSE Linux
version, there is no warranty that these packages seamlessly interoperate
with the rest of the system. The packages have been made with "best effort"
and _should_ work as described in the README files contained in the
respective directories. We make no claim about their fitness for a specific
purpose, so you might as well experience that the package you have chosen
does not work properly on your system. In addition to this, there is no
warranty about the fitness of the packages in security matters: There are no
updates for these packages unless the maintainer decides to refresh the
trees with new builds.

To make it short: If you wish to use a newer version of a package and if you
insist on having properly working updates at hand if there is a security
update, then please use a newer SuSE Linux version. If you feel a little bit
adventurous, then these packages will suit your needs.

Roman Drahtmüller,
SuSE Security <security@xxxxxxx>, ftpadmin <ftpadmin@xxxxxxx>.

< Previous Next >