On Sun, Apr 23, 2006 at 09:38:02AM +0200, jdd wrote:
Playing with YOU and working with mediawiki, I noticed the last YOU update was 1.4.x (with x=7, but I'm not sure of that).
Mediawiki being at stable 1.6.3, I wondered if this was a good choice. I asked the mediawiki list and got the answer below: mediawiki is maintained for approx 1 year.
Given SUSE Linux is said to have security updates for two years, I wonder what is going to be done.
Will a Novell programmer make the necessary patches to 1.4? Will SUSE (YOU) provide an upgrade to 1.5 or 1.6... given I'm stuck with the 1.6 upgrade :-)
We currently do this, yes:

$ ls -l /work/SRC/old-versions/10.0/all/mediawiki
-rw-r--r-- 1 root root     854 2006-03-30 14:35 MD5SUMS
-rw-r--r-- 1 root root      42 2006-03-30 14:35 MD5SUMS.meta
-rw-r--r-- 1 root root     358 2006-01-26 11:08 mediawiki-1.4.5-permission-fix.diff
-rw-r--r-- 1 root root     399 2006-01-26 11:08 mediawiki-1.4.7-DoS-CVE-2006-0322.diff
-rw-r--r-- 1 root root     443 2006-01-26 11:08 mediawiki-1.4.7-EditPage.diff
-rw-r--r-- 1 root root    1162 2006-01-26 11:08 mediawiki-1.4.7-IE-XSS.diff
-rw-r--r-- 1 root root    1604 2005-12-07 14:47 mediawiki-1.4.7-php4.4.1.diff
-rw-r--r-- 1 root root 1485633 2006-01-26 11:08 mediawiki-1.4.7.tar.bz2
-rw-r--r-- 1 root root    2174 2006-01-26 11:08 mediawiki-1.4.7-xss-CAN-2005-2396.diff
-rw-r--r-- 1 root root    1849 2006-01-26 11:08 mediawiki-1.4.7-xss-CVE-2005-4501.diff
-rw-r--r-- 1 root root    3121 2006-01-26 11:08 mediawiki-1.4.7-xss-math.diff
-rw-r--r-- 2 root root    1459 2006-03-28 13:24 mediawiki-1.4.7-xss-parser.diff
-rw-r--r-- 2 root root    2155 2006-03-28 16:39 mediawiki.changes
-rw-r--r-- 2 root root    4922 2006-03-30 14:35 mediawiki.spec
-rw-r--r-- 1 root root    1140 2006-01-26 11:08 README.SuSE
-rw-r--r-- 1 root root       0 2006-03-30 14:35 ready
PHP scripts are very sensitive material. A vulnerability found there can severely impact a server.
Just do not use them. ;)
But of course my question is not about mediawiki (I already cope with this one :-), but more generally, given the speed of the working Linux flow, how is the update policy set up? 10.0 is pretty fresh :-)
2 years of security updates, as with the dozen SUSE Linux releases before.

Ciao, Marcus