Here is how I understand it: Red Hat supports 3 versions of their boxed OS with security fixes at this time: Red Hat Linux 6.2, Red Hat Linux 7.3, and Red Hat Linux 8.0. They will do security fixes which would be to apache-1.3.2? for 6.2 and 7.3 and for 8.0 it would be 2.x. Red Hat rarely gives out for code revisions for security problems but insteads does back ports of code fixes for most vulnerabilities (so they would patch say 1.3.23 with the security fixes from 1.3.27 versus putting out a 1.3.27). The general reason is that it is easier to audit the code that way, and to also make sure that various ABI/API changes that might have occured between versions do not affect customers. The rare case where Red Hat would send out a completely new version would be where the fixes break ABI/API or are so invasive that one might as well release the newer version (plus all the needed fixes for other mod_* items). Going forward, Red Hat will be focusing on the apache 2.x series for their 8.0 and beyond Linux releases. On Tue, 2002-10-15 at 16:28, Homer Wilson Smith wrote: > > I have been told that RedHat does not have updates for > apache-1.3.27 and has abandoned it for 2.x > > Is there any truth in this? > > ------------------------------------------------------------------------ > Homer Wilson Smith The Paths of Lovers Art Matrix - Lightlink > (607) 277-0959 KC2ITF Cross Internet Access, Ithaca NY > homerat_private In the Line of Duty http://www.lightlink.com > -- Stephen John Smoogen smoogenat_private Los Alamos National Labrador CCN-2 B-Schedule PH: Ta-03 SM-261 MailStop P208 DP 17U Los Alamos, NM 87545 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Oct 17 2002 - 16:29:57 PDT