Re: Database corruption revisited.

[Russ Allbery <rra@stanford.edu>]

Cliff Pratt <enkidu@cliffp.com> writes:

> Firstly, distro owners do NOT just freeze a package. They freeze at say
> version x.y.z of a package, then they backport fixes to it and produce a
> package x.y.z-v, where the '-v' indicates their modified version of the
> package. There's a good chance that by the time that v is 5 or 6 that
> the major problems will be fixed.

This is generally not the case for the OpenLDAP server.  I don't know of
any distribution that is even remotely keeping up with the major fixes
that have gone into the server since their release freeze.  Red Hat
certainly isn't.

> Secondly, I pay for support. If I do not use the supplied version of the
> software, then I do not get support. You might make the point that I
> should therefore go to the distro vendor for support, and not bother
> this list, and the point is a good one, and I will be pursuing that
> route.

Good luck with that.  I will be stunned if Red Hat is at all capable of
supporting the version of the OpenLDAP server that they ship in a
meaningful way.

> Thirdly, if I were to listen to all the suppliers of the packages that I
> use I should compile every single one of them! Don't get me wrong - I
> totally understand that approach, and all things being equal I would
> take that approach myself, but it is not possible for me to do that and
> still have a life!

I think OpenLDAP's server is something of a special case, both due to the
number of serious bugs that are fixed and the pace of development.

Full disclosure: I help out with the Debian OpenLDAP packages when I have
time.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>