[scl.org] Security updates not backported?

Greg Schumacher greg.schumacher at trinetsolutions.com
Tue Nov 18 18:31:13 UTC 2014

Ah, you're right - I should have checked
before assuming this was on Red Hat's end as I see it has
php54-php-5.4.16-22.el6.src.rpm dated 10/29/14 on there.  It looks like
the community one is a few weeks behind.  Thanks

-----Original Message-----
From: sclorg-bounces at redhat.com [mailto:sclorg-bounces at redhat.com] On
Behalf Of Miroslav Suchy
Sent: Tuesday, November 18, 2014 12:23 AM
To: sclorg at redhat.com
Subject: Re: [scl.org] Security updates not backported?

On 11/17/2014 10:26 PM, Greg Schumacher wrote:
>>From looking at the dates on
> https://www.softwarecollections.org/repos/rhscl/php54/epel-6-x86_64/,
> it appears that this security update
> https://rhn.redhat.com/errata/RHSA-2014-1327.html was not backported
> into php54.  Am I understanding that correctly?  If so, what is the
> backport policy for php54 SCL?
> According to
> http://developerblog.redhat.com/2013/08/01/php-5-4-on-rhel-6-using-rhs
> cl/, the lifecycle for PHP 5.4 on the SCL should be 3 years which
> would be until mid 2016.

Please do not confuse RHSCL and SCL.

RHSCL is Red Hat Software Collections and it is already included with many
Red Hat Enterprise Linux subscriptions.
This product is always updated ASAP.

On the other hand - collections on softwarecollections.org (or just SCL)
are community driven and have no guarantees. It is fine for developers and
homebrew projects, but if you want to rely on security updates I highly
recommend you to use Red Hat subscriptions (or participate on maintaining
that collection).

Mirek Suchy

SCLorg mailing list
SCLorg at redhat.com

More information about the SCLorg mailing list