bitten yet again by ancient packages in CentOS (and RHEL)

This is not a CentOS issue in that they merely rebuild the RHEL sources without the copyrighted bits.
But its getting to the point where the RHEL bits are so badly out of date, that the platform is rapidly getting to the point of unusability. When I have to rebuild packages from source, as no up-to-date patched source RPM or even binary RPM exists for little used packages such as, I dunno … apache? then mebbe something is profoundly and deeply amiss.
Backstory: I’ve been fighting an annoying bug plaguing RequestTracker, whereby it would spontaneously drop its database, with no warning, apart from simply eating tickets. It never did this until about 6 months ago, and then it was random. Main features are that it complains its connection via DBD::mysql hung up. Yeah, obviously the code should try to reconnect. We are running a little bit of a dated RT, I simply don’t have time to update. RT is somewhat finnicky on its updates. Which makes it a pain in the rear sometimes. When it works, its terrific. When it doesn’t … not so much terrific.
So I started tracing this down.
First sanity check. Are there package updates? No.
Second sanity check. What is the version difference, and how old is it?

rpm -qa | grep httpd-2

and according to apache …. 2.2.15 was released in 2010. See here. More than 3 years ago. Sure, I bet they backported some security fixes. Probably a few bug fixes.
I dunno. This is getting old.
Its not the worst. No, not the worst at all.

perl -v
This is perl, v5.10.1 (*) built for x86_64-linux-thread-multi
Copyright 1987-2009, Larry Wall

Latest releases in each branch of Perl
Major	Version	Type	Released	Download
5.18	5.18.0	Maint	2013-05-18	perl-5.18.0.tar.gz
5.16	5.16.3	Maint	2013-03-11	perl-5.16.3.tar.gz
5.14	5.14.4	End of life	2013-03-10	perl-5.14.4.tar.gz
5.12	5.12.5	End of life	2012-11-10	perl-5.12.5.tar.gz
5.10	5.10.1	End of life	2009-08-23	perl-5.10.1.tar.gz
5.8	5.8.9	End of life	2008-12-14	perl-5.8.9.tar.gz
5.6	5.6.2	End of life	2003-11-15	perl-5.6.2.tar.gz
5.5	5.5.4	End of life	2004-02-23	perl5.005_04.tar.gz
5.4	5.4.5	End of life	1999-04-29	perl5.004_05.tar.gz
5.3	5.3.7	End of life	1996-10-10	perl5.003_07.tar.gz

Yes, thats right. Not only is the perl 5.10 release EOL, its two successor versions are also EOL.
I appreciate that RedHat’s mission is to build a solid and supportable stable system. I just argue that since RHEL 6 came out last year, maybe, just maybe, it might make sense to update some of these packages to the current revisions?
It should be noted that the same thing is true in python, with a version that doesn’t quite work with some of the new software we’ve needed to run or develop.
I used CentOS to make sure we’ve got a stable platform. I wasn’t thinking mummification. And since we eat our own dog food (e.g. run our platforms to support our business), I’ve run into this *many* times now. So much so that I am starting to worry about using this as the base of our point (appliance) systems. If I have to rebuild everything because the distro builder (RedHat in this case) has decided to use things that are broken in the distro for “stability” reasons (curious definition of stability there, though I guess broken is indeed stable), what exactly is the point of using that as a base?

4 thoughts on “bitten yet again by ancient packages in CentOS (and RHEL)”

Comments are closed.