Thank you so much Fernando, that was exactly what I was looking for :)
Much appreciated.

Thanks,
Versha

From: [email protected] 
[mailto:[email protected]] On Behalf Of Fernando Lozano
Sent: Tuesday, 17 March 2015 11:49 PM
To: [email protected]
Subject: Re: Why RedHat doesnt support Higher Versions of Subversion

Hi Versha,

Brief context from our side:
We are basically using RHEL6 for our build infrastructure, and as a part of 
Vulnerability management we found that Subversion 1.6 is no longer supported by 
Apache and we need to upgrade it to a higher version like 1.7 or 1.8.
That is why I was looking forward for some authentic information to proceed 
with a proper reason in this area.
Subversion 1.6 may not be supported anymore by Apache Foundation, but it is 
supported by Red Hat itself. If there's any security or stability fix released 
for newer Subversion, Red Hat has a contractual agreement with you to backport 
those fixes to the older Subversion included in RHEL. This is part of your 
subscription.

From a legal standpoint Red Hat support is better than Apache support because 
the first is assured by a contract (your subscription agreement) and comes 
with well defined SLA terms. Apache support provides no assurances. Do you 
have a support contract with Apache Foundation? You as a Red Hat customer can 
open support tickets for subversion and Red Hat may well develop fixes and 
patches itself, before Apache. Those patches will later be submitted to Apache 
so they become part of the upstream Subversion.

You can check if you downloaded the latest Subversion update released by Red 
Hat and use:
# rpm -q --changelog subversion | grep -i cve
to look for specific vulnerabilities fixed and so you can prove you already 
have vulnerabilities fixed by newer Subversion from Apache.



Also, do you have any idea when Red Hat is going to have a higher version of 
Apache Subversion in near future? :)

As someone already explained, the stability / compatibility / certification 
assurance from your RHEL subscription implies Red Hat will only update major 
versions of most packages on a new RHEL series. So you'd have to move to RHEL7 
if you really need a newer subversion, but if your problem is just satisfying a 
security audit you should be fine with RHEL6 updates.

Someone also already explained you can get a (free?) subscription to software 
collections to get newer releases for some packages, but I don't know if those 
include Subversion and if those are subject to the same support terms as 
regular RHEL packages.


[]s, Fernando Lozano
--
redhat-sysadmin-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-sysadmin-list
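
Added example, not part of the original e-mails: a small shell function that turns the changelog check discussed above into audit evidence by reporting, for each CVE ID a scanner flags, the package release whose changelog entry names it. The function names, the sample changelog and every CVE ID and release in it are constructed placeholders; the script assumes the release is the last field of each "* ..." changelog header.

```shell
#!/bin/sh
# Added example: map scanner-reported CVE IDs to the RHEL package release
# whose changelog records the backported fix.
# Real use:  rpm -q --changelog subversion | cve_backport_report CVE-...

# Constructed changelog in rpm's "* date packager - version-release" layout.
# Every name, release and CVE ID below is a made-up placeholder.
sample_changelog() {
    cat <<'EOF'
* Tue Feb 10 2015 Example Packager <pkg@example.invalid> - 1.6.11-99
- add security fixes for CVE-0000-00011, cve-0000-0002
* Mon Apr 08 2013 Example Packager <pkg@example.invalid> - 1.6.11-98
- fix build with newer toolchain
- add security fix for CVE-0000-0003
EOF
}

# Reads a changelog on stdin; prints one tab-separated line per CVE argument:
#   <CVE> FIXED <version-release>  |  <CVE> NOT-FOUND  |  <arg> INVALID-ID
# Returns 0 only when every requested CVE appears in the changelog.
cve_backport_report() {
    local changelog cve rel missing=0
    changelog=$(cat)
    for cve in "$@"; do
        # Accept only well-formed IDs; they are used to build a regex below.
        if ! printf '%s\n' "$cve" | grep -Eqi '^CVE-[0-9]{4}-[0-9]{4,}$'; then
            printf '%s\tINVALID-ID\n' "$cve"; missing=1; continue
        fi
        rel=$(printf '%s\n' "$changelog" | awk -v id="$cve" '
            BEGIN  { pat = toupper(id) "([^0-9]|$)" }  # no prefix matches
            /^\* / { rel = $NF; next }                 # entry header: keep release
            toupper($0) ~ pat { print rel; exit }      # first (newest) entry naming it
        ')
        if [ -n "$rel" ]; then
            printf '%s\tFIXED\t%s\n' "$cve" "$rel"
        else
            printf '%s\tNOT-FOUND\n' "$cve"; missing=1
        fi
    done
    return "$missing"
}

# Demo on the constructed data: 0001 is only a prefix of 00011, so NOT-FOUND.
sample_changelog | cve_backport_report CVE-0000-0002 CVE-0000-0001 CVE-0000-0003 ||
    echo "some IDs are not documented in the changelog" >&2
```

A NOT-FOUND result only means the changelog does not name that ID; the package may be unaffected, so compare against the vendor's advisory for that CVE before treating it as open.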
