Cliff Pratt <enkidu(a)cliffp.com> writes:
Firstly, distro owners do NOT just freeze a package. They freeze at
version x.y.z of a package, then they backport fixes to it and produce a
package x.y.z-v, where the '-v' indicates their modified version of the
package. There's a good chance that by the time that v is 5 or 6 that
the major problems will be fixed.
This is generally not the case for the OpenLDAP server. I don't know of
any distribution that is even remotely keeping up with the major fixes
that have gone into the server since their release freeze. Red Hat
Secondly, I pay for support. If I do not use the supplied version of
software, then I do not get support. You might make the point that I
should therefore go to the distro vendor for support, and not bother
this list, and the point is a good one, and I will be pursuing that
Good luck with that. I will be stunned if Red Hat is at all capable of
supporting the version of the OpenLDAP server that they ship in a
Thirdly, if I were to listen to all the suppliers of the packages
use I should compile every single one of them! Don't get me wrong - I
totally understand that approach, and all things being equal I would
take that approach myself, but it is not possible for me to do that and
still have a life!
I think OpenLDAP's server is something of a special case, both due to the
number of serious bugs that are fixed and the pace of development.
Full disclosure: I help out with the Debian OpenLDAP packages when I have
Russ Allbery (rra(a)stanford.edu) <http://www.eyrie.org/~eagle/>