Identify vulnerabilities in Red Hat 7.2

Matthew Nuzum matt.followers at gmail.com
Fri Jun 10 15:00:00 UTC 2005


> Hello,
> 
> My company uses a self-made Linux distribution mainly based on Red Hat
> 7.2.
> Support is done by a small team. The support offered by the team is
> new hardware support, specific software queries but no security updates.
...
> 
> The first thing I want to do is to find out all the known vulnerabilities
> in Red Hat 7.2. Since 05/2004, no updates have been available for this
> distribution.
> 
> Since you have good experience supporting non-supported distributions,
> can you give me some clues about how I should proceed?

It's a pain in the butt getting updates for 7.2. Many packages, especially
web-related packages, use newer versions of the Berkeley DB and it's very
hard to find that for the older RH versions. I've got several computers that
I did an in-place upgrade to 7.3 that worked perfectly. I've found it
slightly easier to get updates for 7.3, but it's getting more difficult with
each passing month.

You're at the moment of truth and I'd strongly urge you to go to a supported
distro. I can definitely relate to the problems of updating versions because
it takes months for us to retest our software on a new OS. (We started in
December and we're just about done)

Since I've been there, here's my 2 cents worth:
Supported server-class distros I know of: (i.e. have a financially stable,
commercial backing for support)
  RedHat Enterprise (3 - 4 years support)
  Suse Enterprise (3 - 4 years support)
  Ubuntu (18 months support)

Of those, the only one that is freely available is Ubuntu.

Choosing an RHEL clone is, IMHO, a joke, because you *think* you're getting
support because you're using a freely available variant of a supported
distribution, but the fact is, the user communities behind the RHEL clones
are rather small. CentOS seems the largest and most active. White Box has a
lot of name recognition, but to me it appears that it's one man and when he
goes on vacation everything stops. I don't know much about the Tao RHEL
clone.

We like Ubuntu/Debian. Of all the freebies out there, they seem the most
stable, which is what I need. The migration from 7.3 to Ubuntu/Debian is
non-trivial. However, Ubuntu has a large software repository called
"Universe" that contains many of the software packages we standardized on,
so things have worked very well.

Sorry for dragging on so much in this message. I could say a lot more, so if
you'd like more details, e-mail me.

-- 
Matthew Nuzum <matt at followers.net>
www.followers.net - Makers of "Elite Content Management System"
View samples of Elite CMS in action by visiting
http://www.followers.net/portfolio/



