Re: 'exim', version '4.69', is out of date

To: debian-user@lists.debian.org
Subject: Re: 'exim', version '4.69', is out of date
From: Tzafrir Cohen <tzafrir@cohens.org.il>
Date: Wed, 9 Dec 2009 13:45:39 +0000
Message-id: <[🔎] 20091209134533.GY30903@pear.tzafrir.org.il>
In-reply-to: <[🔎] pan.2009.12.09.12.37.23@gmail.com>
References: <[🔎] 200912081627.42068.ale@pcartwright.com> <[🔎] pan.2009.12.08.21.37.14@gmail.com> <[🔎] 200912081748.24799.ale@pcartwright.com> <[🔎] pan.2009.12.09.07.03.26@gmail.com> <[🔎] 20091209121600.GX30903@pear.tzafrir.org.il> <[🔎] pan.2009.12.09.12.37.23@gmail.com>

On Wed, Dec 09, 2009 at 12:37:22PM +0000, Camaleón wrote:
> On Wed, 09 Dec 2009 12:16:01 +0000, Tzafrir Cohen wrote:
> 
> > On Wed, Dec 09, 2009 at 07:03:26AM +0000, Camaleón wrote:
> > 
> >> - Debian Lenny (stable) is not a "rolling-update" distribution. So once
> >> is released, it won't update packages just because there is a newer
> >> version available "upstream". Lenny just get updated packages when
> >> there is a security patch available for each of them. That is,
> >> "officially" you will get only security updates. Whenever a new version
> >> of any package is available (just the case of Exim) you can install it
> >> "by hand" and at your own risk (by compiling, by using a backport
> >> repository, by donwloading .deb file, etc...).
> >> 
> >> - Rkhunter is just doing its job: it advices you there is a newer
> >> version available for those packages and that's right. Is up to you
> >> upgrading them or not.
> > 
> > No. Rkhunter is not doing its job. Most of the installations of Exim in
> > the world are by now "out of date". Hence Rkhunter is more likely to
> > generate a false warning. Or even worse: to encourge the user to install
> > an unsupported package.
> 
> Well, but it is "a fact" that is oudated. And that is the warning 
> Rkhunter is giving to the user. No more, no less.

It's not outdated. 
http://packages.debian.org/changelogs/pool/main/e/exim4/exim4_4.69-9/changelog
-- Andreas Metzler <ametzler@debian.org>  Tue, 30 Sep 2008 20:12:27 +0200

Is this outdated?

Rkhunter assumes that a simple check of the version number will do. That
assumption fails all too often.

>  
> >> I, personally, would not take any step :-)
> > 
> > So you basically your hunter is crying "old wolf" and you ignore it.
> 
> I don't know how Rkhunter works, but it should be configurable so the 
> user can select what kind of warning wants to receive.

So it's just the defaults that are wrong?

-- 
Tzafrir Cohen         | tzafrir@jabber.org | VIM is
http://tzafrir.org.il |                    | a Mutt's
tzafrir@cohens.org.il |                    |  best
ICQ# 16849754         |                    | friend

Reply to:

Follow-Ups:
- Re: 'exim', version '4.69', is out of date
  - From: Camaleón <noelamac@gmail.com>

References:
- 'exim', version '4.69', is out of date
  - From: Paul Cartwright <ale@pcartwright.com>
- Re: 'exim', version '4.69', is out of date
  - From: Camaleón <noelamac@gmail.com>
- Re: 'exim', version '4.69', is out of date
  - From: Paul Cartwright <ale@pcartwright.com>
- Re: 'exim', version '4.69', is out of date
  - From: Camaleón <noelamac@gmail.com>
- Re: 'exim', version '4.69', is out of date
  - From: Tzafrir Cohen <tzafrir@cohens.org.il>
- Re: 'exim', version '4.69', is out of date
  - From: Camaleón <noelamac@gmail.com>

Prev by Date: Re: Please include Adobe Air in official non free and contrib repository for lenny
Next by Date: Re: Why CUPS?
Previous by thread: Re: 'exim', version '4.69', is out of date
Next by thread: Re: 'exim', version '4.69', is out of date
Index(es):
- Date
- Thread