Services - Backporting
Overview
Many of the core software packages from ClarkConnect are derived from Red Hat Enterprise Linux. One of Red Hat's policies is to maintain a high level of stability for all of its Linux releases. This policy differs from that of some other Linux distributions, where the focus is on releasing a solution with all the latest and greatest features (for example, Fedora Linux).
For various reasons, ClarkConnect has also adopted the Red Hat policy - stability first.
Backporting - How It Works
So how does the stability first policy impact the software development cycle in ClarkConnect? Here is a scenario for the fictional Widget software:
- September 2006 - ClarkConnect 4.0 released with Widget 2.0.0
- November 2006 - Widget 2.1.0 released
- December 2006 - Widget 2.1.1 released - a simple but important security update
For Linux distributions shipped with Widget 2.1.0, it is simply a matter of upgrading to the new release from the Widget software company. With the stability first policy in place, the software developers for ClarkConnect did not want to pull in all the extra features found in Widget 2.1.x just to fix one security issue. Instead, the small security fix from version 2.1.1 was backported to the 2.0.0 version and released as 2.0.1. With this backporting complete, only a minor change to the ClarkConnect system was required.
To paraphrase the entry in Wikipedia: Backporting is the action of taking a certain software modification (patch) and applying it to an older version of the software.
Security Scanning Limitations
Backporting is an important tool for keeping an operating system stable and secure. However, you may run across security scanning tools that report security issues with the versions of software running on a ClarkConnect system. For example, we receive the following types of messages via our technical support system or in the Community Forums:
XYZ was identified with an outdated version of OpenSSH according to the banner presented upon connection. They (the security experts) have determined this exploit to be high on the vulnerability matrix and suggest we receive an update from our vendor.
In this case, the OpenSSH banner was indeed displaying an older version number. What the so-called security experts failed to mention was the widely used technique of backporting: the version in the banner tells you which upstream release the package is based on, not which fixes the vendor has applied to it. Most reputable security scanning tools report this kind of scenario in a more accurate tone.
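The following is an added example, not code from the ClarkConnect project, showing how to triage such a banner-based finding: it applies the scanner's naive "banner version below the upstream fix version" logic to the page's fictional Widget scenario, then checks the vendor's package changelog (a constructed stand-in for `rpm -q --changelog` output on an RPM-based system) for the backported fix before calling the host vulnerable. The banner string, fix version and changelog text are all constructed for illustration.

```python
import re

# Constructed: what a network scanner sees on connection versus what the
# package manager on the host knows. The banner carries only the base version.
SCANNER_BANNER = "Widget/2.0.1"
UPSTREAM_FIXED_IN = "2.1.1"   # upstream release that first contains the security fix

# Constructed stand-in for `rpm -q --changelog widget` output on the host.
RPM_CHANGELOG = """\
* Tue Dec 12 2006 ClarkConnect Packaging <packager@example.invalid> - 2.0.1-1
- backport security fix from upstream Widget 2.1.1

* Fri Sep 01 2006 ClarkConnect Packaging <packager@example.invalid> - 2.0.0-1
- initial package based on Widget 2.0.0
"""

def parse_version(text):
    """Pull the first dotted version out of a banner and return it as a tuple of ints."""
    m = re.search(r"(\d+(?:\.\d+)+)", text)
    if not m:
        raise ValueError("no version found in %r" % text)
    return tuple(int(part) for part in m.group(1).split("."))

def banner_says_vulnerable(banner, fixed_in):
    """Naive scanner logic: banner version below the upstream fix version => flag it."""
    return parse_version(banner) < parse_version(fixed_in)

def changelog_has_backport(changelog, fixed_in):
    """Vendor-aware check: is there a changelog entry saying the fix from `fixed_in` was backported?"""
    pattern = re.compile(r"backport.*\b" + re.escape(fixed_in) + r"\b", re.IGNORECASE)
    return any(pattern.search(line) for line in changelog.splitlines())

def triage(banner, fixed_in, changelog):
    """Classify a scanner finding: 'not affected', 'false positive (backported)' or 'vulnerable'."""
    if not banner_says_vulnerable(banner, fixed_in):
        return "not affected"
    if changelog_has_backport(changelog, fixed_in):
        return "false positive (backported)"
    return "vulnerable"

if __name__ == "__main__":
    # Scanner flags 2.0.1 < 2.1.1; the changelog shows the fix was backported.
    print(triage(SCANNER_BANNER, UPSTREAM_FIXED_IN, RPM_CHANGELOG))
```

The changelog check is only as good as the vendor's changelog wording; where entries are terse, the package release number (2.0.1-1 above) and the vendor's advisory are the records to compare against.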