[ale] Redhats package naming convention

Fulton Green ale at FultonGreen.com
Tue Sep 17 11:01:02 EDT 2002


Yeah, what Jerry said, plus ...

On Tue, Sep 17, 2002 at 10:40:33AM -0400, Billy Quinn wrote:
> I've downloaded openssl-0.9.6b-28 from redhat.com, which is their latest
...
> I guess my question is, the number after 0.9.6b seems to be a build number
> - Redhat do not seem to change the version (in the case the 0.9.6b)? I'm
> not intimately familiar with their package naming convention, and I need to
> make sure the build number increase is some kind of patching. In other

Yep, that's a Red Hat-specific build number. Sometimes it reflects patches
applied by RH to the package's codebase; other times it's simply indicative
of a package recompilation (usually with an upgraded compiler and/or
toolchain).

> distros (Mandrake), you can find rpms for 0.9.6e and above which is
> what openssl group recommend - apparently Redhat just bump up the build
> number of the base package.

I find this frustrating with RH, but I think I know what's going on ...
either the "letter revisions" have API changes that need to be reflected
in SSL-dependent packages (which are several) that may still be assuming a
2.9.6b API, or RH deems the SSL revision to be too unstable after a certain
time cutoff point.

> Can anyone doubly verify that the openssl-0.9.6b-28 has all the patches to
> prevent SSL exploits (like the openssl-0.9.6e-g releases from the openssl
> group)? I'm replacing some IIS servers, and last thing I want to do is
> have the Apache servers hit with that worm/SSL exploit!

The only way to find this out for sure is to look at the Errata portion of
RH's support page. You'd also want to look for an updated Apache and/or
HTTPD package and an updated mod_ssl package.

---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.
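
The naming convention discussed in this thread, as an added example that is not part of the original post: it splits a package string into name, version and Red Hat release, then compares the installed package against the release an erratum names as fixed. The comparison is a simplified form of rpm's ordering, and the two "fixed in" strings are constructed for illustration; the real value has to come from the vendor's errata page.

```python
import re

def split_nvr(nvr):
    """Split 'name-version-release' from the right; the name may contain dashes."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release

def _segments(s):
    # Runs of digits or runs of letters; '.', '_' and other separators are dropped.
    return re.findall(r"\d+|[A-Za-z]+", s)

def vercmp(a, b):
    """Simplified rpm-style comparison of two version or release strings.
    Returns -1, 0 or 1. Digit runs compare as integers, letter runs as strings,
    and a digit run is newer than a letter run in the same position."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_patched(installed, fixed_in):
    """True if the installed package is at or above the erratum's fixed package.
    Version is compared first, and the vendor release only breaks a tie."""
    n1, v1, r1 = split_nvr(installed)
    n2, v2, r2 = split_nvr(fixed_in)
    if n1 != n2:
        raise ValueError("cannot compare different packages: %s vs %s" % (n1, n2))
    return (vercmp(v1, v2) or vercmp(r1, r2)) >= 0

if __name__ == "__main__":
    installed = "openssl-0.9.6b-28"            # package string from the thread
    print(split_nvr(installed))                # ('openssl', '0.9.6b', '28')
    # Comparing against the upstream version alone reports "older", even though
    # a vendor release may carry patches on top of the same base version.
    print(vercmp("0.9.6b", "0.9.6e"))
    # Constructed "fixed in" values, NOT taken from any real advisory.
    for fixed in ("openssl-0.9.6b-20", "openssl-0.9.6b-30"):
        print(fixed, is_patched(installed, fixed))
```

A release number that meets the erratum's threshold is the signal to rely on; a higher release alone may only mean a rebuild, as the reply above points out.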





