[Sysadmin] Next?

David Kaufman david at gigawatt.com
Sun Nov 16 22:12:16 CST 2008


Hi Dean,

"Dean Mah" <dean.mah at gmail.com> wrote:
> This brings up another question for me.  Do we stick to packages or
> build from source when a newer version is available.  There are
> packages for mediawiki and mailman but both are out of date.

Looks like Mailman, at least has had only some very minor new features in 
the last 2 versions, and a number of security fixes, which the debian 
stable security update packages will have already incorporated:

Mailman 2.1.10 (2008-04-21)
http://sourceforge.net/forum/forum.php?forum_id=814489

Mailman 2.1.11 final released (2008-06-07)
http://sourceforge.net/forum/forum.php?forum_id=833000

Etch's mediawiki version (1.7) is also over 2 years old, but the Lenny 
version (1.12, released earlier this year) *is* available for Etch from 
backports:
http://packages.debian.org/search?suite=etch-backports&keywords=mediawiki

So I'd say, run etch + *selected* backports, i.e. those whose newer 
features you really do need.

And don't install anything from source that you're not willing to babysit, 
monitor upstream releases, apply security fixes yourself, and upgrade when 
new versions come out.

I think, for evolt that mens we *should* run the old mailman from etch 
stable, the mediawiki from backports.

and ...honestly, I think we *should* run Drupal 5.x until Lenny comes out 
with Drupal 6 and security support for it.  Popular sites running popular 
PHP apps (as we know) are the primary targets for spammers, crackers & 
script kiddies.  I don't think we want to run a source installation that's 
going to take us days, weeks or months to get around to updating, 
especially when the known threats come this fast and furious: 
http://drupal.org/search/node/vulnerabilities

-dave




More information about the Sysadmin mailing list