SUSE server applications and security

I see that the PHP5 version in the official repository (OSS) is outdated and dangerous to use. I can’t find a newer version in the official update repo either.

Can someone please explain? Thanks.

Hi
It’s sitting in test…
https://build.opensuse.org/package/files?package=php5&project=openSUSE%3A11.4%3AUpdate%3ATest

Remember, check the changelogs as fixes are backported so don’t rely on just version numbers.
https://build.opensuse.org/package/files?package=php5&project=openSUSE%3A11.4
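
The advice above, to read the changelog instead of comparing version numbers, can be scripted. This is an added example, not part of the original thread: it lists the CVE identifiers a package changelog mentions, using `rpm -q --changelog` for installed packages. The function names and the sample changelog (including its CVE IDs) are constructed for illustration.

```shell
#!/bin/sh
# Added example: find backported security fixes by reading the package
# changelog, since the upstream version number may not change.

# Read changelog text on stdin, print the unique CVE IDs it mentions.
cves_in_changelog() {
    grep -Eo 'CVE-[0-9]{4}-[0-9]{4,}' | sort -u
}

# Read changelog text on stdin; succeed only if CVE "$1" is mentioned.
# -x forces a whole-line match so one ID cannot match as a prefix of another.
changelog_fixes() {
    cves_in_changelog | grep -Fxq "$1"
}

# CVE IDs mentioned in the changelog of an installed package, e.g. php5.
installed_pkg_cves() {
    rpm -q --changelog "$1" | cves_in_changelog
}

# Constructed sample laid out like rpm changelog output; the CVE IDs
# and the packager address are placeholders, not real entries.
sample_changelog() {
    cat <<'EOF'
* Mon Jan 01 2001 packager@example.invalid
- security update, upstream version unchanged:
  * fix CVE-0000-0001 (constructed ID)
  * fix CVE-0000-0002, CVE-0000-0001 (constructed IDs)

* Sun Dec 31 2000 packager@example.invalid
- initial package
EOF
}

# Demo on the constructed sample. On a real system: installed_pkg_cves php5
sample_changelog | cves_in_changelog
```

A CVE that is absent from the changelog is not proof the package is vulnerable; the distribution's security announcements remain the authoritative source.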

Hi, and thanks for a quick reply! :)

I’m not that familiar with SUSE’s package and update system since I’m all new here. I’m currently using Ubuntu and am used to having updates backported to the original version, as you wrote, immediately after the PHP team has released a security patch/new version.

One thing concerns me, if I’ve not misunderstood anything: if I had run a SUSE web server now with the php5 package from OSS, and had been running updates as usual, would my server have been at risk (while the new package is undergoing testing)?

It seems like the original OSS package has not been updated, nor had security fixes backported, for a long while, and that was the thing that triggered my concern in the first place while trying to figure out how SUSE handles security updates for these very critical packages.

Hi
Well, it appears the issues are classified ‘medium’, so maybe that’s why it’s taking a while to be released?
https://build.opensuse.org/maintenance/qa_11.4
Planned release is 2011-06-29; there is nothing stopping you grabbing the test release… ;)


Cheers Malcolm °¿° (Linux Counter #276890)
openSUSE 11.4 (x86_64) Kernel 2.6.37.6-0.5-desktop

On 2011-06-14 04:36, desire linux wrote:
>
> Hi, and thanks for a quick reply! :)
>
> I’m not that familiar with SUSE’s package and update system since
> I’m all new here. I’m currently using Ubuntu and am used to having
> updates backported to the original version, as you wrote, immediately
> after the PHP team has released a security patch/new version.

SUSE backports security patches to the released version. A new version is
never released officially, so that new package that is in testing will
never be official.

If you are concerned, you have to ask on the security mailing list. Or Bugzilla.


Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)

Maybe.

Still I think it’s a bad idea to run PHP on a server with several medium classified security issues.

How does that work? Will I experience conflicts between the test and the official later?

On 2011-06-15 11:06, desire linux wrote:
> How does that work? Will I experience conflicts between the test and
> the official later?

There will be no “official” later. That’s against policy, as I explained.


Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)