This is not meant as a reproach against the EPEL project.
This is about fundamentals.
See:
https://fedoraproject.org/wiki/EPEL/FAQ#How_long_are_EPEL_packages_updated.3F
"
--- How long are EPEL packages updated?
The plan is for EPEL packages to get updates as long as the corresponding RHEL release is supported. That is 10 years after the initial release according to the current errata support policy for 5 and 6 releases.
--- How can we be sure that someone will maintain the packages until end of life of the distribution the packages were built for?
The only way to be sure is to do it yourself, which is coincidentally the reason EPEL was started in the first place.
Software packages in EPEL are maintained on a voluntary basis. If you want to ensure that the packages you want remain available, get involved directly in the EPEL effort. More experienced maintainers help review your packages and you learn about packaging. If you can, get your packaging role included as part of your job description; EPEL has written a generic description that you can use as the basis for adding to a job description.
We do our best to make this a healthy project with many contributors who take care of the packages in the repository, and the repository as a whole, for all releases until RHEL closes support for the distribution version the packages were built for. That is ten years after release (currently) -- a long time frame, and we know a lot can happen in ten years. Your participation is vital for the success of this project. "
Exactly that does not happen with RHEL 5, 6 and 7, because Red Hat always fixes immediately. If necessary, Red Hat immediately throws insecure, unfixable software out of the distro (Adobe Reader, Helix Player).
This nearly one-hundred-percent security is inevitably lost when third-party repos are added. The "not having to worry about anything when it comes to security" advantage is gone.
With Ubuntu LTS I can achieve this security level, for example, by restricting my software selection to Ubuntu Main.
What nonsense
EPEL is part of the Fedora infrastructure
That is something completely different from Ubuntu/Canonical
Get informed first, then make claims
https://koji.fedoraproject.org/koji/builds?tagID=78&inherited=0&order=-completion_time
https://koji.fedoraproject.org/koji/packageinfo?packageID=2556
mod_security-2.6.8-6.el5 2014-04-18 16:12:34