Hi all, I am relatively new to RH and fedora. I have no production servers in place for either distro and have only been playing with it for a short while, so please forgive me if I seem to sound clueless with the handling of rpm's and up2date. I am used to downloading the source (for any package) and compiling it myself and maintaining it myself. RH/FC has up2date and rpm's. I've discovered that the latest version of something available via up2date (or even on rpmfind.net) is NOT the latest recommended version on the "vendors" site. For instance, I use openssl. Well www.openssl.org has 0.9.7d available and is the recommended stable and secure release of openssl. Well the latest version from up2date that I have found is openssl 0.9.7a I have only used the one mirror that I have setup thus far. On my machine "rpm -qi openssl" returns info on openssl-0.9.7a-33.10. I am trying to learn the ways of rpm's and get accustomed to it's convienence. However, if I need to break from the standard to comply with security vulnerabilities on select software, then it's really not doing me any good in the long run. Can anyone remark or comment to help me either correct my ignorance or share with me what you do to combat needing to maintain both ways of administrating your machines? Thanks in advance.. -k
