Cliff Pratt <enkidu@cliffp.com> writes:
> Firstly, distro owners do NOT just freeze a package. They freeze at say version x.y.z of a package, then they backport fixes to it and produce a package x.y.z-v, where the '-v' indicates their modified version of the package. There's a good chance that by the time that v is 5 or 6 that the major problems will be fixed.
This is generally not the case for the OpenLDAP server. I don't know of any distribution that is even remotely keeping up with the major fixes that have gone into the server since their release freeze. Red Hat certainly isn't.
> Secondly, I pay for support. If I do not use the supplied version of the software, then I do not get support. You might make the point that I should therefore go to the distro vendor for support, and not bother this list, and the point is a good one, and I will be pursuing that route.
Good luck with that. I will be stunned if Red Hat is at all capable of supporting the version of the OpenLDAP server that they ship in a meaningful way.
> Thirdly, if I were to listen to all the suppliers of the packages that I use I should compile every single one of them! Don't get me wrong - I totally understand that approach, and all things being equal I would take that approach myself, but it is not possible for me to do that and still have a life!
I think OpenLDAP's server is something of a special case, both due to the number of serious bugs that are fixed and the pace of development.
Full disclosure: I help out with the Debian OpenLDAP packages when I have time.