[CLUE-Tech] RedHat & Postfix

Joe 'Zonker' Brockmeier jzb at dissociatedpress.net
Mon Jun 16 10:43:30 MDT 2003 

On Mon, 2003-06-16 at 10:23, Matt Gushee wrote:
> On Mon, Jun 16, 2003 at 08:29:04AM -0600, Joe 'Zonker' Brockmeier wrote:
> > 
> > > So anyway, I have a simple question about this: is RedHat currently
> > > "supporting" Postfix? In other words, if I install Postfix from an RPM,
> > > can I be reasonably sure that timely updates will be available for
> > > whatever security holes are discovered?
> > 
> > You can find Red Hat's list of updates for 8.0 here:
> > https://rhn.redhat.com/errata/rh8-errata-security.html
> > 
> > I don't see any Postfix updates, but I'm not sure that there have been
> > any security issues with Postfix since it's been released. 
> 
> Yes, I looked at that list too. And I guessed the same thing. But I'd
> like to have a better idea of RedHat's policy before relying on their
> packages.

Benign neglect? 

Seriously, I'd expect if there's a serious Postfix problem, they'd
address it -- it may be that there have been no serious Postfix issues,
or maybe they're below the radar... but it seems that RH does issue a
lot of security updates. 

> > If you're concerned, and willing to do a little extra work, you could
> > set up a RH 8 UML machine at home
> 
> UML? That means "Unified Modeling Language" to me, but obviously you
> mean something else. What does it stand for?

User-Mode Linux, it's probably what your hosting provider is using. 

> > and create RPMs from new releases of
> > Postfix... In fact, you should probably be prepared to do this anyway,
> > since RH has announced that they'll be ending support for RH 8 at the
> > end of the year: http://www.redhat.com/apps/support/errata/
> > 
> > Who are you using for hosting? If they're pre-installing RH 8, ask them
> > if they have any kind of migration plan for users who are on RH 8 or if
> > they plan to offer updates. 
> 
> It's johncompanies.com. And that's a good point. I'll ask.

I've used Tummy.com hosting, they also provide something similar...
Johncompanies.com seem like a decent outfit, though I haven't used them.

> > This is one of the reasons I decided to use Debian for my server instead
> > of RH. They're a bit slower, but they have much better support for DIY
> > types. 
> 
> Yes, I generally prefer Debian myself ... in fact I have been very
> critical of RedHat for what I view as jumping the gun on some of their
> releases. And I probably could have had Debian installed, but I was
> taking advantage of a special discount for Open Source contributors, and
> the Debian option wasn't part of the standard signup for that. So my
> account was set up, and it was RedHat ... I considered asking to have it
> switched to Debian, but decided it wasn't that important. These days I
> generally use either stock pre-built packages or source tarballs. In
> most cases, if it's just for my own use, it seems like more trouble than
> it's worth to customize RPMs or .debs.

I guess it's a matter of taste. In a situation where you're having a
server hosted by a third-party, and may not be able to install a new
version of an OS, it might be a necessity with RH and others severely
cutting back on the length of their "support" for older releases. 

While I think RH is doing the smart thing by limiting support for the
"free" releases, it's going to make things very complicated or fairly
expensive for hosting companies and such. I suspect there will be some
money to be made in a year or so in providing packaged updates for older
RH distros for providers who can't easily migrate all of their clients
to the latest releases, and can't afford the support fees per-machine.
(I wonder how RH would handle support for a single machine running 20
UML virtual RH machines?)

Zonker
-- 
Joe 'Zonker' Brockmeier
jzb at dissociatedpress.net
Aim: zonkerjoe
http://www.dissociatedpress.net

More information about the clue-tech mailing list