On Wed, Dec 09, 2009 at 12:37:22PM +0000, Camaleón wrote: > On Wed, 09 Dec 2009 12:16:01 +0000, Tzafrir Cohen wrote: > > > On Wed, Dec 09, 2009 at 07:03:26AM +0000, Camaleón wrote: > > > >> - Debian Lenny (stable) is not a "rolling-update" distribution. So once > >> is released, it won't update packages just because there is a newer > >> version available "upstream". Lenny just get updated packages when > >> there is a security patch available for each of them. That is, > >> "officially" you will get only security updates. Whenever a new version > >> of any package is available (just the case of Exim) you can install it > >> "by hand" and at your own risk (by compiling, by using a backport > >> repository, by donwloading .deb file, etc...). > >> > >> - Rkhunter is just doing its job: it advices you there is a newer > >> version available for those packages and that's right. Is up to you > >> upgrading them or not. > > > > No. Rkhunter is not doing its job. Most of the installations of Exim in > > the world are by now "out of date". Hence Rkhunter is more likely to > > generate a false warning. Or even worse: to encourge the user to install > > an unsupported package. > > Well, but it is "a fact" that is oudated. And that is the warning > Rkhunter is giving to the user. No more, no less.
It's not outdated. http://packages.debian.org/changelogs/pool/main/e/exim4/exim4_4.69-9/changelog -- Andreas Metzler <ametz...@debian.org> Tue, 30 Sep 2008 20:12:27 +0200 Is this outdated? Rkhunter assumes that a simple check of the version number will do. That assumption fails all too often. > > >> I, personally, would not take any step :-) > > > > So you basically your hunter is crying "old wolf" and you ignore it. > > I don't know how Rkhunter works, but it should be configurable so the > user can select what kind of warning wants to receive. So it's just the defaults that are wrong? -- Tzafrir Cohen | tzaf...@jabber.org | VIM is http://tzafrir.org.il | | a Mutt's tzaf...@cohens.org.il | | best ICQ# 16849754 | | friend -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
