[scl.org] Security updates not backported?
Miroslav Suchy
msuchy at redhat.com
Tue Nov 18 08:22:56 UTC 2014
On 11/17/2014 10:26 PM, Greg Schumacher wrote:
>>From looking at the dates on
> https://www.softwarecollections.org/repos/rhscl/php54/epel-6-x86_64/, it
> appears that this security update
> https://rhn.redhat.com/errata/RHSA-2014-1327.html was not backported into
> php54. Am I understanding that correctly? If so, what is the backport
> policy for php54 SCL?
>
> According to
> http://developerblog.redhat.com/2013/08/01/php-5-4-on-rhel-6-using-rhscl/,
> the lifecycle for PHP 5.4 on the SCL should be 3 years which would be until
> mid 2016.
Please do not confuse RHSCL and SCL.
RHSCL is Red Hat Software Collections and it is already included with
many Red Hat Enterprise Linux subscriptions.
See:
https://access.redhat.com/solutions/472793
This product is always updated ASAP.
On the other hand - collections on softwarecollections.org (or just SCL)
are community driven and have no guarantees. It is fine for developers
and homebrew projects, but if you want to rely on security updates I
highly recommend you to use Red Hat subscriptions (or participate on
maintaining that collection).
Mirek Suchy
More information about the SCLorg
mailing list