worries about upgrades

wedgeworth · 04-14-2004, 05:02 PM

ok i hope i haven't been committing some huge system admin cardinal sin here but.....i like grabbing the highest upgrade for my "type" of OS....not version of OS.

example if i was gonna upgrade openssl i'd go here:

http://rpmfind.rediris.es/rpm2html/openssl.html

and grab openssl-0.9.7a-2.i386 for red hat 9......b/c i run red hat 7.3

i would not grap something for SuSE or Fedora b/c i run red hat. is there any worries i should have about doing that. should i only grab the rpm for red hat 7.3.

i've run across this for different ways. i ran "SAINT" on my computer and it said i needed to upgrade openssl to 0.6m 0.6d or higher. however, i only have rh 7.3 (which openssl stops at about 0.6b). Is it wrong of me to upgrade to the packages higher than my OS, with openssl or any package? i surely hope not b/c i've been doing the contrary this whole time.

similarly, i run "apt-get install openssl" to get fix problems and it won't upgrade...says "openssl is already the newest version." 0.6b....which is much lower than "d" or "f". does this happen b/c i'm running 7.3 so it just grabs the highest version for 7.3 and not highest version of all?

any help would be appreciated thnx....

jailbait · 04-14-2004, 09:04 PM

"i would not grap something for SuSE or Fedora b/c i run red hat. is there any worries i should have about doing that. should i only grab the rpm for red hat 7.3."

When you use rpms compiled for later versions of Red Hat than 7.3 you might run into version dependency problems. For example, the most common dependency is glibc. Red Hat 9 has a later version of glibc than Red Hat 7.3. So the latest version of a package such as openssl that has been compiled on Red Hat 9 may or may not work with the older version of glibc found in Red Hat 7.3. This is also true for any other dependency.

This problem is compounded by the fact that the dependency checking in the rpm packages is imperfect. For example, the openssl rpm may check to make sure that glibc exists but may or may not check glibc version numbers when in fact there is a glibc version number dependency.

The incompatibility problem is increased when you use rpms from different distributions because different distributions store programs in different places. For example, SuSE stores all window managers in /opt and Red Hat does not use /opt at all.

"similarly, i run "apt-get install openssl" to get fix problems and it won't upgrade...says "openssl is already the newest version." 0.6b....which is much lower than "d" or "f". does this happen b/c i'm running 7.3 so it just grabs the highest version for 7.3 and not highest version of all?"

I think that it just grabs the highest version compatible with Red Hat 7.3.

"Is it wrong of me to upgrade to the packages higher than my OS, with openssl or any package? i surely hope not b/c i've been doing the contrary this whole time."

It is not absolutely wrong, but it increases the chance of a version mismatch. When you want to make large "leaps" in version numbers like this you are more likely to be successful if you compile the latest version from source on your Red Hat 7.3 system than if you install a binary rpm that was compiled on a Red Hat 9 system. Compiling yourself does not guarentee compatibility, it just makes it more likely.

___________________________________
Be prepared. Create a LifeBoat CD.
http://users.rcn.com/srstites/LifeBo...home.page.html

Steve Stites

wedgeworth · 04-15-2004, 08:06 AM

1) does anybody else have any theories about my origianl questions?

2) how i'm a i gonna know if i've messed something up by grabbing an incompatible version that is too high? everything seems to be working. it seems like i've gotten away with it so far (even having to upgrade the libraries like glib sometimes too), do i have anything to worry about right now? sorry, i'm just worried about what damage i may have done.

3) how am i gonna keep things secure when it is recommendations to upgrade to newer versions for security reasons?

Half_Elf · 04-15-2004, 11:03 AM

You know... some people won't like me much after saying this, but... RedHat and Redhat like (Fedora, Mandrake, Suse) aren't very good at my opinion because of the update question. I mean, RedHat 7.3 isn't very hard, but it is harder and harder to find "safe" update. And it will only go worst. Rpm aren't very good package, especially because too many versions and taste are around.
Instead, some distributions like Debian or Gentoo have very "safe" packaging system to make sure you can install latest (or near to) version easily using their package manager. RedHat is made to be easy to use, not to upgrade, and Debian/Gentoo are hard to use, but easy to upgrade.
That's a personnal choice I guess.