[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP upgrade cycle

tor, 02.12.2004 kl. 15.05 skrev Matthew J. Smith:

> I have noticed, in my short time on this list, that the upgrade cycle
> for OpenLDAP seems to be very short.  I initially installed 2.2.6,
> because that is the only RPM available for my SuSE distro.  Then, on
> advice from this list, I compiled my own 2.2.15.  Shortly after, 2.2.17
> was released, and now 2.2.19 is available.  So, a few questions:
> *  Are most of you scheduling frequent maintenance windows to stay
> current?
> *  Is there a version of the OpenLDAP 2.x series that is "stable enough"
> and secure, perhaps at the expense of new features, that I can rely on,
> without having to upgrade for a while?
> *  When I do need to upgrade, can I do "rolling upgrades" (upgrade one
> instance at a time), or do all instances in my (SyncRepl) replication

You get the same grid with Cyrus SASL, Courier IMAP and Postfix. Not to
speak of Openssl and Sleepycat BDB.

Most of the above vendors indicate stable or recommended versions (Cyrus
doesn't, Sleepycat doesn't). On test machines I tend to go with the
latest snapshots *OF THE ABOVE*; I compile, configure and install all of
them myself (not Apache, Gnome, whatever - there I let my vendor (Red
Hat, since I have to support RHAS/RHEL3 up2date updates) decide.

On client rigs I run latest stable of the self-compiled above. So
clients are running OL 2.2.17, Courier IMAP 3.0.7, Postfix 2.1.5 etc.
When new stable versions are announced, I'll consider upgrading them
according to mutterings and mumblings on each respective mailing list,
on CERT, SANS or whatever. Sometimes Dieter K., Quanah  and people like
them grab me by the short and hairies, shake them and exhort me to
update Cyrus, BDB or whatever; I usually do that, since they're my


Nothing sucksseeds like a pigeon without a beak ...

mail: tonye@billy.demon.nl
They love us, don't they, They feed us, won't they ...