Re: A "which version" question
--On Thursday, December 21, 2006 12:37 PM +0100 Michael Ströder
<michael(a)stroeder.com> wrote:
Quanah Gibson-Mount wrote:
>
> So, why not just run the latest one? ;)
As Lesley wrote in his first e-mail:
Since we are utterly dependant on OpenLDAP for many things, policy is
to go with "stable".
At the moment in the 2.3 release branch the stable tag should IMO be
officially forwarded to the last releases. It's way behind the current
recommendations on the list. IMO the current situation is confusing for
deployers.
Yeah, my point is that I generally find the "stable" tag misleading, in
that the revision often marked "stable" is known to have any variety of
issues. In particular right now, there is a known DoS vulnerability in
2.3.27, which to me means in no way would I even deploy it, since there's
an existing exploit. The general policy Lesley is using I think is flawed.
;)
Stanford, obviously, uses OpenLDAP heavily, and there are literally hundred
of applications, as well as all email delivery to @stanford addresses, that
depends on it. My job is to ensure it is available 24/7. Thus, I monitor
the dev & software lists, CVS commits, etc, to make sure that I'm very
aware of what is happening, so that I can provide the best service possible
to my clients.
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html