Looking Ahead - Upgrade
Rick Stevens
ricks at nerd.com
Sat May 10 00:35:35 UTC 2008
Anders Karlsson wrote:
> * Rick Stevens <ricks at nerd.com> [20080510 01:16]:
> [snip]
>> Not always possible. I recently had to put OpenSSL 0.9.8g on a CentOS
>> 5.1 machine to pass a certain certification. The latest OpenSSL for
>> CentOS 5.1 is 0.9.8b (farking ancient). I did it by building it from
>> a F9-Preview source RPM, building it (with some tweaks as F9 has some
>> ciphers that CentOS 5.1 doesn't have), installing the binaries and
>> poking various symlinks and such to make existing apps happy. So, Rule
>> 1 can't ALWAYS be adhered to, no matter how "stock" you want your system
>> to be.
>
> Don't stare yourself blind on the version string. If the only reason
> for requiring OpenSSL 0.9.8g is security fixes, then the version in
> CentOS may very well have all the ones you'd care about. You are aware
> of Red Hat's ABI/API guarantee - right?
>
> Saying that - I have some tools that I build for RHEL 5.x and for
> Fedora 8 (soon 9) as a matter of course, as I use them elsewhere
> regularly.
The bugs may have been fixed in Red Hat's 0.9.8b and that'd be peachy.
However, the certification also looks at the version strings and such
and even if the bugs WERE fixed, it wouldn't pass the certification
test if the version came back as anything less than 0.9.8f.
Yes, it's stupid, but I didn't make the rules. In some respects, it's
the "I'm the mommy and I said so!" scenario.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer rps2 at nerd.com -
- Hosting Consulting, Inc. -
- -
- What is a "free" gift? Aren't all gifts free? -
----------------------------------------------------------------------
More information about the users
mailing list