LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Slackware (http://www.linuxquestions.org/questions/slackware-14/)
-   -   Slackware security updates - for how long? (http://www.linuxquestions.org/questions/slackware-14/slackware-security-updates-for-how-long-430385/)

Nobber 03-31-2006 01:24 PM

Slackware security updates - for how long?
 
Does anyone know whether Slackware (i.e. Pat!) has an official policy regarding how long security updates will be provided for a particular version of the distribution? I can't find any info on this anywhere, though presumably I haven't searched hard enough.

I notice that security updates are still being provided for Slackware 8.1 which was released in June 2002 - that's pretty generous! I'm using Slackware 10.1 at the moment and I will almost certainly have upgraded before 10.1 becomes unsupported, but I was just curious when that would be.

cwwilson721 03-31-2006 02:56 PM

As far as 'supported' goes, it will be updated/improved/changed for as long as someone has the desire to do so. That's the power of Slackware (and GNU/Linux in general): THERE IS NO ONE CENTRAL MONOLITHIC POWER.

This ain't Windows.

If someone feels like adding/updating, they do. If you need something done that nobody else is doing, figure it out and change it yourself.(Not being 'smart' about it. It's a golden opportunity for you to really learn programming, of which Slackware has a plethora of tools to accomplish that very goal)

Open Source means that anyone can change/modify the programming.(Simplistic, I know, so don't get your keyboard all fired up to bash me on this. Just trying to keep things simple here.) And keep using it.

Heck, I just installed 3.6 on an old P75 to use as a webserver and bash-about box. Slackware is great for that.

liquidtenmilion 03-31-2006 04:00 PM

I disagree completely.


Pat ultimately decides what goes into slackware, the community has ultimately no say at all. Sure, they can make suggestions, but chances are they will go unanswered. The community does NO security updates at all, it is entirely up to Pat on when, what, and which versions to upgrade.

And it is all essentially random.

cwwilson721 03-31-2006 04:05 PM

You miss my point. While it is true that Pat decides what goes into the ORIGINAL DISTRO, after that, you can do as you wish: Add whatever, subtract whatever, change whatever. The Distro itself is supported by Pat, the individual programs are still up to the individual user.

phil.d.g 03-31-2006 04:07 PM

Well, as Pat isn't providing security fixes for Slackware < 8.1, then you can assume that updates to any particular version of slackware will be made for approximately four years after release.

But as has been said, long after Pat stops releasing fixes for a version you can still make your own updates

danieldk 04-01-2006 05:53 AM

Some time ago (2002-ish) Pat used to release security updates for the current stable version and one older version (i.e. 7.1 and 8.0, later 8.0 and 8.1). Now he seems to do everything up from 8.1. I guess he has set up a nice build system for building security updates for older versions. We can't complain, 4 years is pretty good. Slack 10.2 is pretty light, so it doesn't hurt to update to 10.2 if you are still running 8.1 ;). Anyway, if older versions become unsupported, I guess 8.1 will be dropped first, 9.0 later.

Only Pat can give an definite answer to this question.

simcox1 04-01-2006 08:25 AM

It might be something to do with the kernel version. I don't know what 8.1 uses but if it's the most recent with a 2.2 kernel, that might be why it's kept up-to-date.

danieldk 04-01-2006 08:29 AM

IIRC 8.1 used 2.4.18. 8.0 was the last version with a 2.2.x (and 2.4.x) kernel. BTW 8.1 was the first version that uses the new package naming scheme for the main distribution.

Nobber 04-01-2006 04:04 PM

Quote:

Originally Posted by danieldk
Only Pat can give an definite answer to this question.

Looks like I'll have to ask him, then!

liquidtenmilion 04-01-2006 09:01 PM

I think it has to do with GCC versions and package naming schemes. Kernel really doesn't matter in security updates, but an up to date GCC is needed to compile most of the newer programs, and 8.1 comes with 2.95 as far as i can remember.


Also note that slackware 8.1 does NOT get every security update that 9.1+ get, simply because a lot of the security updates just will not compile on older versions of slackware.


Pat will essentially provide security updates for as absolutely long as possible. But as i said, if a package cannot compile on older versions, then that program will not get a security update.

In that case, you do NOT get an updated package from pat, and you also can NOT "provide your own security updates" as they won't compile anymore.



In other words, as soon as Pat stops providing some security updates, then you will no longer get security updates at all, not from pat and not from yourself.

gargamel 04-02-2006 11:14 AM

Quote:

Originally Posted by Nobber
Looks like I'll have to ask him, then!

That's what I'd suggest.

Not to offend anybody, but some of the answers to your original questions missed the point. Your question was, how long you can expect "official" support by the distributor.

While it is true that you can always apply security patches for individual packages on your own, as Slackware is based on virtually unmodified packages from the original sources, and avoids proprietary vendor patches, it is of course calming and important for production use, when you know that you can count on someone backing you.

BTW, it is not quite true that Pat V. is the only person providing patches for Slackware. He does provide them for many packages, but for some others he collects contributions from other people, assures quality and releases them, as you can read in the Changelog.

Having said that, Pat V. is still the man that makes Slackware something special, as he has a pretty unique feeling or method (not sure, actually) what makes a consistent distribution. I guess we can look forward to things to come, soon... ;-)

gargamel

danieldk 04-02-2006 11:43 AM

Quote:

Originally Posted by liquidtenmilion
Also note that slackware 8.1 does NOT get every security update that 9.1+ get, simply because a lot of the security updates just will not compile on older versions of slackware.

Security fixes can often be backported quite easily. This is what Red Hat et al do, and if I recall correctly Pat does this sometimes too.

Quote:

In that case, you do NOT get an updated package from pat, and you also can NOT "provide your own security updates" as they won't compile anymore.
You can, just look up what patch is needed. In the case of buffer overflows, off-by-ones, etc. it is usually patched quite easily.

Nobber 04-03-2006 11:54 AM

Quote:

Originally Posted by gargamel
Not to offend anybody, but some of the answers to your original questions missed the point. Your question was, how long you can expect "official" support by the distributor.

I'm glad you said that and not me... :D

By the way, no response yet from info-AT-slackware.com.


All times are GMT -5. The time now is 03:48 AM.