[scl.org] Security updates not backported?
greg.schumacher at trinetsolutions.com
Tue Nov 18 23:14:07 UTC 2014
It looks like the prior SCLorg php54 release
(php54-php-5.4.16-16.el6.x86_64.rpm) was about 4 months behind the RH
release of the same version (2014-07-21 SCLorg vs 2014-03-31 RH). Any
thoughts on subscribing to RH and using the RH SCL repo with a RHEL
derivative such as CloudLinux in order to ensure timely updates? Do you
foresee any problems with doing that or other reasons not to do so?
From: Greg Schumacher [mailto:greg.schumacher at trinetsolutions.com]
Sent: Tuesday, November 18, 2014 10:31 AM
To: 'Miroslav Suchy'; 'sclorg at redhat.com'
Subject: RE: [scl.org] Security updates not backported?
Ah, you're right - I should have checked
before assuming this was on Red Hat's end as I see it has
php54-php-5.4.16-22.el6.src.rpm dated 10/29/14 on there. It looks like
the community one is a few weeks behind. Thanks
From: sclorg-bounces at redhat.com [mailto:sclorg-bounces at redhat.com] On
Behalf Of Miroslav Suchy
Sent: Tuesday, November 18, 2014 12:23 AM
To: sclorg at redhat.com
Subject: Re: [scl.org] Security updates not backported?
On 11/17/2014 10:26 PM, Greg Schumacher wrote:
>>From looking at the dates on
> it appears that this security update
> https://rhn.redhat.com/errata/RHSA-2014-1327.html was not backported
> into php54. Am I understanding that correctly? If so, what is the
> backport policy for php54 SCL?
> According to
> cl/, the lifecycle for PHP 5.4 on the SCL should be 3 years which
> would be until mid 2016.
Please do not confuse RHSCL and SCL.
RHSCL is Red Hat Software Collections and it is already included with many
Red Hat Enterprise Linux subscriptions.
This product is always updated ASAP.
On the other hand - collections on softwarecollections.org (or just SCL)
are community driven and have no guarantees. It is fine for developers and
homebrew projects, but if you want to rely on security updates I highly
recommend you to use Red Hat subscriptions (or participate on maintaining
SCLorg mailing list
SCLorg at redhat.com
More information about the SCLorg