[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: A "which version" question

--On Thursday, December 21, 2006 12:37 PM +0100 Michael StrÃder <michael@stroeder.com> wrote:

Quanah Gibson-Mount wrote:

So, why not just run the latest one? ;)

As Lesley wrote in his first e-mail:

  Since we are utterly dependant on OpenLDAP for many things, policy is
  to go with "stable".

At the moment in the 2.3 release branch the stable tag should IMO be
officially forwarded to the last releases. It's way behind the current
recommendations on the list. IMO the current situation is confusing for

Yeah, my point is that I generally find the "stable" tag misleading, in that the revision often marked "stable" is known to have any variety of issues. In particular right now, there is a known DoS vulnerability in 2.3.27, which to me means in no way would I even deploy it, since there's an existing exploit. The general policy Lesley is using I think is flawed. ;)

Stanford, obviously, uses OpenLDAP heavily, and there are literally hundred of applications, as well as all email delivery to @stanford addresses, that depends on it. My job is to ensure it is available 24/7. Thus, I monitor the dev & software lists, CVS commits, etc, to make sure that I'm very aware of what is happening, so that I can provide the best service possible to my clients.


Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html