Re: A "which version" question

[Quanah Gibson-Mount <quanah@stanford.edu>]

--On Thursday, December 21, 2006 12:37 PM +0100 Michael StrÃder 
<michael@stroeder.com> wrote:

> Quanah Gibson-Mount wrote:
> > So, why not just run the latest one? ;)
>
> As Lesley wrote in his first e-mail:
>
>   Since we are utterly dependant on OpenLDAP for many things, policy is
>   to go with "stable".
>
> At the moment in the 2.3 release branch the stable tag should IMO be
> officially forwarded to the last releases. It's way behind the current
> recommendations on the list. IMO the current situation is confusing for
> deployers.

Yeah, my point is that I generally find the "stable" tag misleading, in 
that the revision often marked "stable" is known to have any variety of 
issues.  In particular right now, there is a known DoS vulnerability in 
2.3.27, which to me means in no way would I even deploy it, since there's 
an existing exploit.  The general policy Lesley is using I think is flawed. 
;)

Stanford, obviously, uses OpenLDAP heavily, and there are literally hundred 
of applications, as well as all email delivery to @stanford addresses, that 
depends on it.  My job is to ensure it is available 24/7.  Thus, I monitor 
the dev & software lists, CVS commits, etc, to make sure that I'm very 
aware of what is happening, so that I can provide the best service possible 
to my clients.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html