[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [scl.org] Security updates not backported?

Ah, you're right - I should have checked
before assuming this was on Red Hat's end as I see it has
php54-php-5.4.16-22.el6.src.rpm dated 10/29/14 on there.  It looks like
the community one is a few weeks behind.  Thanks

-----Original Message-----
From: sclorg-bounces redhat com [mailto:sclorg-bounces redhat com] On
Behalf Of Miroslav Suchy
Sent: Tuesday, November 18, 2014 12:23 AM
To: sclorg redhat com
Subject: Re: [scl.org] Security updates not backported?

On 11/17/2014 10:26 PM, Greg Schumacher wrote:
>>From looking at the dates on
> https://www.softwarecollections.org/repos/rhscl/php54/epel-6-x86_64/,
> it appears that this security update
> https://rhn.redhat.com/errata/RHSA-2014-1327.html was not backported
> into php54.  Am I understanding that correctly?  If so, what is the
> backport policy for php54 SCL?
> According to
> http://developerblog.redhat.com/2013/08/01/php-5-4-on-rhel-6-using-rhs
> cl/, the lifecycle for PHP 5.4 on the SCL should be 3 years which
> would be until mid 2016.

Please do not confuse RHSCL and SCL.

RHSCL is Red Hat Software Collections and it is already included with many
Red Hat Enterprise Linux subscriptions.
This product is always updated ASAP.

On the other hand - collections on softwarecollections.org (or just SCL)
are community driven and have no guarantees. It is fine for developers and
homebrew projects, but if you want to rely on security updates I highly
recommend you to use Red Hat subscriptions (or participate on maintaining
that collection).

Mirek Suchy

SCLorg mailing list
SCLorg redhat com

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]