--On Thursday, December 21, 2006 12:37 PM +0100 Michael Ströder michael@stroeder.com wrote:
Quanah Gibson-Mount wrote:
So, why not just run the latest one? ;)
As Lesley wrote in his first e-mail:
Since we are utterly dependant on OpenLDAP for many things, policy is to go with "stable".
At the moment in the 2.3 release branch the stable tag should IMO be officially forwarded to the last releases. It's way behind the current recommendations on the list. IMO the current situation is confusing for deployers.
Yeah, my point is that I generally find the "stable" tag misleading, in that the revision often marked "stable" is known to have any variety of issues. In particular right now, there is a known DoS vulnerability in 2.3.27, which to me means in no way would I even deploy it, since there's an existing exploit. The general policy Lesley is using I think is flawed. ;)
Stanford, obviously, uses OpenLDAP heavily, and there are literally hundred of applications, as well as all email delivery to @stanford addresses, that depends on it. My job is to ensure it is available 24/7. Thus, I monitor the dev & software lists, CVS commits, etc, to make sure that I'm very aware of what is happening, so that I can provide the best service possible to my clients.
--Quanah
-- Quanah Gibson-Mount Principal Software Developer ITS/Shared Application Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html