security update policy

classic Classic list List threaded Threaded
8 messages Options
jdd
Reply | Threaded
Open this post in threaded view
|

security update policy

jdd
Hello,

I'm trying to make a server update from 1.5.8 to 1.6.3 but
have difficulties with this, so I tried to install materials
straight from my distribution (SUSE Linux 10.0)

this is the SUSE Linux stable one.

after installing and update to the very last security
updates, I ended up with mediawiki 1.4.7 (not sure of the "7")

so my question:

how long do you plan to make security updates on old
products? I wonder if a 1.4 will still be secure :-) and how
long :-)

I work hard with opensuse, so I can report there any problem.

thanks
jdd
--
http://www.dodin.net
http://dodin.org/galerie_photo_web/expo/index.html
http://lucien.dodin.net
http://fr.susewiki.org/index.php?title=Gérer_ses_photos
_______________________________________________
MediaWiki-l mailing list
[hidden email]
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Reply | Threaded
Open this post in threaded view
|

Re: security update policy

Brion Vibber
jdd wrote:
> after installing and update to the very last security
> updates, I ended up with mediawiki 1.4.7 (not sure of the "7")
>
> so my question:
>
> how long do you plan to make security updates on old
> products?

About a year, generally.

> I wonder if a 1.4 will still be secure :-) and how
> long :-)

1.4.0 was released March 20, 2005, a bit over a year ago. The most recent fix
release on 1.4 is 1.4.14, released January 19, 2006.

-- brion vibber (brion @ pobox.com)


_______________________________________________
MediaWiki-l mailing list
[hidden email]
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l

signature.asc (257 bytes) Download Attachment
jdd
Reply | Threaded
Open this post in threaded view
|

Re: security update policy

jdd
Brion Vibber wrote:

> jdd wrote:
>> after installing and update to the very last security
>> updates, I ended up with mediawiki 1.4.7 (not sure of the "7")
>>
>> so my question:
>>
>> how long do you plan to make security updates on old
>> products?
>
> About a year, generally.

thanks
jdd

--
http://www.dodin.net
http://dodin.org/galerie_photo_web/expo/index.html
http://lucien.dodin.net
http://fr.susewiki.org/index.php?title=Gérer_ses_photos
_______________________________________________
MediaWiki-l mailing list
[hidden email]
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Reply | Threaded
Open this post in threaded view
|

Re: security update policy

Tels
Moin,

On Sunday 23 April 2006 09:29, jdd wrote:

> Brion Vibber wrote:
> > jdd wrote:
> >> after installing and update to the very last security
> >> updates, I ended up with mediawiki 1.4.7 (not sure of the "7")
> >>
> >> so my question:
> >>
> >> how long do you plan to make security updates on old
> >> products?
> >
> > About a year, generally.
I also saw that SuSE 10.0 has 1.4.7, it is simple a problem of long
overlapping release cycles. When they bundles mediawiki (I was astonished
that they do), they take whatever is there at the time they go into a
freeze. Half a year later, it's completely outdated.

However, as far as SuSE goes, they have an active security patching going
on, and if mediawiki x.y.z is part of their system, you should ask them
to backport security patches for it (or release a new onem). I don't know
what the exact timeframe for SuSE is, but they provide security patches
for quite old installations.

I don't know what 10.1 will contain, but I doubt it is mediawiki 1.6.3
(one can hope, though :)

Unfortunately, 10.1 is already late, and 10.2 (or 11.0) will arrive in
like 6..9 months and until then people using SuSE will be stuck with
whatever they stick on their DVD.

Well, or use the latst mediawiki, like I did :-D

Best wishes,

Tels

--
 Signed on Sun Apr 23 13:08:46 2006 with key 0x93B84C15.
 Visit my photo gallery at http://bloodgate.com/photos/
 PGP key on http://bloodgate.com/tels.asc or per email.

 "My wife is just a slow brain, running up the bill.." -- Often misheard
 song lyrics #149


_______________________________________________
MediaWiki-l mailing list
[hidden email]
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l

attachment0 (492 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: security update policy

Jimmy Collins-3
In reply to this post by jdd
Hi,

> -----Ursprüngliche Nachricht-----
> Von: MediaWiki announcements and site admin list <[hidden email]>
> Gesendet: 23.04.06 13:18:47
> An: MediaWiki announcements and site admin list <[hidden email]>
> Betreff: Re: [Mediawiki-l] security update policy
>
> I don't know what 10.1 will contain, but I doubt it is mediawiki 1.6.3
> (one can hope, though :)

In SuSE OSS 10.1 RC2 there is no mediawiki package right now.

Cheers,
Jimmy
_______________________________________________
MediaWiki-l mailing list
[hidden email]
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Reply | Threaded
Open this post in threaded view
|

Re: security update policy

Tels
Moin,

On Sunday 23 April 2006 13:24, Jimmy Collins wrote:

> Hi,
>
> > -----Ursprüngliche Nachricht-----
> > Von: MediaWiki announcements and site admin list
> > <[hidden email]> Gesendet: 23.04.06 13:18:47
> > An: MediaWiki announcements and site admin list
> > <[hidden email]> Betreff: Re: [Mediawiki-l] security
> > update policy
> >
> > I don't know what 10.1 will contain, but I doubt it is mediawiki
> > 1.6.3 (one can hope, though :)
>
> In SuSE OSS 10.1 RC2 there is no mediawiki package right now.
I guess thats better than an outdated one :)

Best wishes,

Tels

--
 Signed on Sun Apr 23 13:39:24 2006 with key 0x93B84C15.
 Visit my photo gallery at http://bloodgate.com/photos/
 PGP key on http://bloodgate.com/tels.asc or per email.

 "Most of the screen on a blog is blank for an imaginary populace of
 readers still using 640x480 resolution. I didn't buy a 19" monitor to
 have 50% of its screen realestate pissed away on firing white pixels,
 you assholes." -- maddox from xmission


_______________________________________________
MediaWiki-l mailing list
[hidden email]
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l

attachment0 (492 bytes) Download Attachment
jdd
Reply | Threaded
Open this post in threaded view
|

Re: security update policy

jdd
In reply to this post by Jimmy Collins-3
Jimmy Collins wrote:

> Hi,
>
>> -----Ursprüngliche Nachricht-----
>> Von: MediaWiki announcements and site admin list <[hidden email]>
>> Gesendet: 23.04.06 13:18:47
>> An: MediaWiki announcements and site admin list <[hidden email]>
>> Betreff: Re: [Mediawiki-l] security update policy
>>
>> I don't know what 10.1 will contain, but I doubt it is mediawiki 1.6.3
>> (one can hope, though :)
>
> In SuSE OSS 10.1 RC2 there is no mediawiki package right now.

false, there is 1.5.5
not so bad
jdd


--
http://www.dodin.net
http://dodin.org/galerie_photo_web/expo/index.html
http://lucien.dodin.net
http://fr.susewiki.org/index.php?title=Gérer_ses_photos
_______________________________________________
MediaWiki-l mailing list
[hidden email]
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
jdd
Reply | Threaded
Open this post in threaded view
|

Re: security update policy

jdd
In reply to this post by Tels