playing with YOU and working with mediawiki, I noticed the
last YOU update was 1.4.x (with x=7, but I'm not sure of that)
Mediawiki being at stable 1.6.3 I wondered if this was a
good choice.. I asked the mediawiki list and got the answer
below: mediawiki is maintained for approx 1 year.
Given SUSE Linux is said to have security updates for two
years, I wonder what is going to be done.
Will a Novell programmer make the necessary patches to 1.4?
will SUSE (YOU) provide upgrade to 1.5 or 1.6... giving I'm
stuck with the 1.6 upgrade :-)
php scripts are very sensitive materials. vulnerability
found there can severely impact a server.
But of course my question is not about mediawiki (I already
cope with this one :-), but more generally, giving the speed
of the working Linux flow, how is the update policy setup?
10.0 is pretty fresh :-)
jdd
-------- Original Message --------
Subject: Re: [Mediawiki-l] security update policy
Date: Sat, 22 Apr 2006 23:48:43 -0700
From: Brion Vibber
after installing and update to the very last security updates, I ended up with mediawiki 1.4.7 (not sure of the "7")
so my question:
how long do you plan to make security updates on old products?
About a year, generally.
I wonder if a 1.4 will still be secure :-) and how long :-)
1.4.0 was released March 20, 2005, a bit over a year ago. The most recent fix release on 1.4 is 1.4.14, released January 19, 2006. -- brion vibber (brion @ pobox.com) -- http://www.dodin.net http://dodin.org/galerie_photo_web/expo/index.html http://lucien.dodin.net http://fr.susewiki.org/index.php?title=Gérer_ses_photos _______________________________________________ MediaWiki-l mailing list MediaWiki-l@Wikimedia.org http://mail.wikipedia.org/mailman/listinfo/mediawiki-l