[scl.org] Security updates not backported?

Miroslav Suchy msuchy at redhat.com
Tue Nov 18 08:22:56 UTC 2014

On 11/17/2014 10:26 PM, Greg Schumacher wrote:
>>From looking at the dates on
> https://www.softwarecollections.org/repos/rhscl/php54/epel-6-x86_64/, it
> appears that this security update
> https://rhn.redhat.com/errata/RHSA-2014-1327.html was not backported into
> php54.  Am I understanding that correctly?  If so, what is the backport
> policy for php54 SCL?
> According to
> http://developerblog.redhat.com/2013/08/01/php-5-4-on-rhel-6-using-rhscl/,
> the lifecycle for PHP 5.4 on the SCL should be 3 years which would be until
> mid 2016.

Please do not confuse RHSCL and SCL.

RHSCL is Red Hat Software Collections and it is already included with 
many Red Hat Enterprise Linux subscriptions.
This product is always updated ASAP.

On the other hand - collections on softwarecollections.org (or just SCL) 
are community driven and have no guarantees. It is fine for developers 
and homebrew projects, but if you want to rely on security updates I 
highly recommend you to use Red Hat subscriptions (or participate on 
maintaining that collection).

Mirek Suchy

More information about the SCLorg mailing list