[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [scl.org] Security updates not backported?



On 11/17/2014 10:26 PM, Greg Schumacher wrote:
From looking at the dates on
https://www.softwarecollections.org/repos/rhscl/php54/epel-6-x86_64/, it
appears that this security update
https://rhn.redhat.com/errata/RHSA-2014-1327.html was not backported into
php54.  Am I understanding that correctly?  If so, what is the backport
policy for php54 SCL?

According to
http://developerblog.redhat.com/2013/08/01/php-5-4-on-rhel-6-using-rhscl/,
the lifecycle for PHP 5.4 on the SCL should be 3 years which would be until
mid 2016.

Please do not confuse RHSCL and SCL.

RHSCL is Red Hat Software Collections and it is already included with many Red Hat Enterprise Linux subscriptions.
See:
https://access.redhat.com/solutions/472793
This product is always updated ASAP.

On the other hand - collections on softwarecollections.org (or just SCL) are community driven and have no guarantees. It is fine for developers and homebrew projects, but if you want to rely on security updates I highly recommend you to use Red Hat subscriptions (or participate on maintaining that collection).

Mirek Suchy


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]