CHAT KHODA wrote: > 1-If I run YUM daily will I guaranty my server's > security paching? (either this case or other cases). > 2-If I install Postfix 2.2.2 by using YUM do I have > any security patch that fixed in 2.2.5? It seems that > when they consider a patchlevel field in their > numbering system they mean that these two packages are > not in the same condition in terms of security > issues.(or at least I think so). If you want to be sure, you can follow the Postfix announce list at http://www.postfix.org/lists.html and the Fedora announce list at http://www.redhat.com/mailman/listinfo/fedora-announce-list to see security issues being discovered and patched by the "upstream" Postfix project and by Fedora. You can also see how many security vulnerabilities there have been recently (one, and that only in a third party patch) at, say http://news.gmane.org/gmane.mail.postfix.announce/cutoff=81 . Note that the most recent post says: > As always, the stable release does not change except for bugfixes, > portability fixes or disasters. Portability fixes tend not to affect Fedora, and not all the bugfixes are serious enough to warrant going into FC4 RPMs (they'll probably be in FC5, though). But the only way to guarantee a server is to unplug the cables... Hope this helps, James. -- E-mail address: james | "This thing is bigger than the both of us!" @westexe.demon.co.uk | "Oh Tom! It's ... it's an elephant!"
