
Date:  Tue, 18 Dec 2007 18:59:16 -0500
From:  "Brian N. Smith" <brian (at mark) nuonce.net>
Subject:  [coba-e:11540] Re: What really happeded to the mail
To:  <coba-e (at mark) bluequartz.org>
Message-Id:  <007701c841d2$017e6f60$1e64a8c0 (at mark) nuonce.net>
References:  <BAY129-DAV6C17D6FA3B74C19C34D6ACA630 (at mark) phx.gbl> <40E1C71DFD600D4EA127F2840C6C1E9B028EC2 (at mark) www.palei.com> <BAY129-DAV15F323569E22C4D7E6237CCA630 (at mark) phx.gbl>
X-Mail-Count: 11540

> Do you really think redhat came out with 80+ updates 3 days ago? 
> Try over the last few months...

Just to clarify a few things.

The last surge of updates is from CentOS v4.6, which is the same as 
Redhat Enterprise v4.6.

The "actual" release date, by Redhat was: 11-16-2007
http://distrowatch.com/table.php?distribution=redhat

CentOS released CentOS v4.6 on: 12-16-2007
http://distrowatch.com/table.php?distribution=centos

The updates released between minor revisions of CentOS (and Redhat) 
are mainly bug fixes and CERT advisory fixes.  They backport fixes 
into their current stable release.  They do NOT do major upgrades on 
individual software packages.

Now, to answer the question.  The answer is YES.

These 80+ updates are indeed part of CentOS v4.6, which was released 
on 16th of December.

Any previous "yum update" lists of RPMS were released at different 
times, based on the need to fix bugs & vulnerabilities.

When 4.7 of CentOS & Redhat comes out, there will be another surge of 
roughly 60-90 RPMS.  Looking at the previous release schedule, that 
will be in 6-8 months.

Users who have been with the project since it was brought out on 
my ISO on May 29, 2005, will definitely remember loads of RPMS showing 
up in their "yum update".

>> I have created a commercial repo with 2 mirrors for the updates 
>> needed by the CentOS BlueQuartz Nuonce 4.8 cd for VISA/MC PCI 
>> Compliance.
>You missed the part about PCI Compliance or you just don't understand 
>it...

Reading over the FAQ, PCI Compliance takes more than just updates 
to your system.  Here are some additional steps.

* Build and Maintain a Secure Network
* Protect Cardholder Data
* Maintain a Vulnerability Management Program
* Implement Strong Access Control Measures
* Regularly Monitor and Test Networks

Upgrading your Apache from what Redhat releases to the current 
version will NOT ensure you meet the requirements for "PCI 
Compliance".  To read more, I suggest reading their website before you 
commit to anything.

http://www.pcicomplianceguide.org/

> RH charges what $345 a year for updates? and I only make the parts 
> CentOS Doesn't make!

CentOS actually releases everything that Redhat releases with Redhat 
Enterprise.  Just as CentOS has been able to gain access to ALL Source 
RPMS (per the GPL) that Redhat releases, so can you!  You just need to 
find a Redhat mirror and do some looking around.

> That is in part due to the fact that Redhat isn't doing anything of 
> the kind and things like dovecot  and Proftp are specific to this 
> system
> and can be updated that way.

To put this debate to rest, Zeffie is correct.  Proftp is not a part 
of Redhat Enterprise.  It was chosen because that is what Cobalt had 
used.  Dovecot was chosen to replace Qpopper, because it offered more 
functionality.

No arguing, just the facts.

Thank you for your time,

Brian N. Smith