Koozali.org: home of the SME Server

why no more support 5.5 ? -a thought only-

hdmueller

why no more support 5.5 ? -a thought only-
« on: September 24, 2003, 02:58:17 PM »
One of the original ideas of e-smith was to recycle old redundant PCs into fully functional firewalls. A couple of months ago I put up 2 sme5.5 firewalls in the office (one as spare) for our adsl connection. They are based on 120 / 133 P with 32 mb each. My secretary got a new pc this way also. Now I read that for 5.5 there are no more patches released.

I have tried to install 5.6 on one of these machines, shortly after its release and also posted my installation problems to the forum - the general answer received was that min 64 mb ram are needed. I did an http install but later learnt in the forum that the http install script with 5.6 is buggy. On the spare machine I will try now again to install 5.6 - but I am aware that this is below the min requirement - got some new "insights" lately from the forum. Hate to run this in a production environment.

Additionally I have a higher-end hardware sme5.5 ( server only mode ) in the office as file server; I will not use this box also as a firewall ( paranoia ), and doing a fresh install of 5.6 will be very troublesome and time consuming. It's a machine with a sys and data drive, and everybody warns me to do an auto-update. I will maintain this as 5.5 and server mode only. I guess that security patches are not so really needed.

sme is a great project, and in my opinion also an ideal learning tool to get used to linux. I personally would not have had the courage to put up linux in a production environment.

I see a high danger that the e-smith idea gets sabotaged by the idea "if you want the latest patch - buy a better hardware - and install everything new". This shows inconsistency in the project, its philosophy, and will put people off.
 
This as a thought only - I would not like to see the project disappear.

Comments to this are welcome.

hdmueller

Charlie Brady

Re: why no more support 5.5 ? -a thought only-
« Reply #1 on: September 24, 2003, 05:26:23 PM »
hdmueller wrote:

> Comments to this are welcome.

It's simple, really. Mitel has decided that there is no business justification to continue to support 5.5. But, thanks to the license under which Mitel (and RedHat and others) allows you to use its software (GPL), if you, or anyone else, wishes to support SME 5.5 (or earlier), then you are free to go right ahead and do that. People will no doubt thank you for it.

Charlie

Nathan Fowler

Re: why no more support 5.5 ? -a thought only-
« Reply #2 on: September 25, 2003, 02:51:37 AM »
Charlie, I think what is really concerning is how quickly the life cycle of a version of SME is considered legacy and no longer supported.

I understand the business concerns, however, you cannot ostracize your customers and strong-arm them into upgrading every 6 months by pulling support for "legacy" products.

hdmueller, I completely agree with everything you've said, and I too wonder why security updates are few and far between, oftentimes not even being addressed, and why the SME products have such a short lifetime.

Nathan Fowler

Re: why no more support 5.5 ? -a thought only-
« Reply #3 on: September 25, 2003, 02:54:55 AM »
hdmueller, note you may want to use security errata packages from http://rhn.redhat.com since SME/E-Smith is a RedHat base.

Most, if not all, packages are compatible with your system.  Note too that SME does not include every package listed on the errata site, so some updates may/may not be applicable to your system.

As always, test a package before installing it on a production box ;)

hdmueller

Re: why no more support 5.5 ? -a thought only-
« Reply #4 on: September 25, 2003, 11:46:13 AM »
Well, let me add another remark regarding product life cycle and consistency.

I previously had a novell4.10 (not 4.11) server in my office running on a compaq server (appx 1996 model, appx 90 Ghz). Dec 1999 I applied manually all the y2k patches. 4.10 does not have a full patch for this, all the single patch pieces have to be applied manually - 4.11 does. At this time I was behind a 56k dun line and it took me 3 full days to do the job. Mid 2002 my compaq experienced the end of its product life cycle and I totally scrapped it. I did not want to go through all the work of installing novell4.10 cum all the patches new on a new machine. The novell people were not very nice to me and asked for some 1000 - 1500 usd for a product upgrade cum mandatory license extension - well I would assume 5 years later they would be doing the same again, gives me a bad feeling. I would have been willing to pay a small amount for an upgrade to 4.11. Instead of putting up a new novell server I put up an e-smith5.5 (server mode only). For my purpose e-smith does the job, unlike novell it does not have file-compression but under the current aspect of storage cost it does not matter so much. It is a great machine, I would not like to see it become redundant, in the software aspect.

Charlie - got my point?

hdmueller

Michael Soulier

why no more support for 5.5 unsupported?
« Reply #5 on: September 29, 2003, 07:15:17 AM »
hdmueller wrote:
>
> Well, let me add another remark regarding product life cycle
> and consistency.

[snip]

You are using a completely open product, free of charge. You are free to change anything about it that you like to suit you, or hire someone to do so if you are without the expertise or the inclination to do it yourself. That's the wonderful thing about open source: you can do whatever you like.

However, to take something that is made available at no cost and complain that you do not receive sufficient support for it is simply a waste of time.

We are grateful that we've been able to build on so much open software. When there is a problem with that software, which we are using at no cost, we report it to the authors such that we may benefit from a solution. If such a fix is not forthcoming, we typically fix the problem ourselves (it is open source after all) and contribute the patch back to the project. We do not complain to the authors about the lack of support. That would be pointless, as we have paid for no support, and we try not to bite the hands that feed us.

Cheers,
Mike

GoatTosser

Re: why no more support for 5.5 unsupported?
« Reply #6 on: September 29, 2003, 08:14:19 AM »
hdmueller wrote:
>
> Well, let me add another remark regarding product life cycle
> and consistency.

[snip]

[Very well argued point snipped]

Couldn't be better said!

Andre Courchesne - Consu

Re: why no more support for 5.5 unsupported?
« Reply #7 on: October 01, 2003, 05:58:39 AM »
Hi,

  I myself have used 5.5 as a standard because of the problem encountered with 5.6 and the VPN...

  I am currently installing myself a CVS server in order to install the 5.5 source code and be able to control versions, patch and security fixes at the source code level. This should allow me to include security fixes not released by Mitel.

  5.5 is great and best of all it's working. I plan to evaluate other versions, but until I see something significant I will keep on using 5.5 and provide my own support and help others if needed/interested.

Andre Courchesne - Consultant
http://www.net-forces.com

Alberto

Re: why no more support for 5.5 unsupported?
« Reply #8 on: October 08, 2003, 05:31:22 PM »
Hi all....

I had the same problem with the amount of memory but I cheated the
machine: I did the setup with a 233 64m machine and then came down
to the 130 48mg and it works with no problem...

Now working with the 6.03, always with the lack of support for the ISA
board, but I got used to making the modification to get them to work;
now trying to get the Radioham gate connected direct to it.

Best regards

Al LU2FGN
www.sateliteros.com.ar

Drew

Re: why no more support for 5.5 unsupported?
« Reply #9 on: October 14, 2003, 06:25:58 PM »
Andre,

Glad to hear there is someone keeping the 5.5 torch alive and well - at least for now.  Do you have a spot or package that updates a 5.5 server with all the latest security fixes and patches?  This would be a huge help, since it sounds like using the 5.6 patches "out of the box" doesn't work on a 5.5 system.

I understand the Mitel position on this from a business perspective; however, I think *security* related fixes and patches should ALWAYS be provided if at all possible.  If there really is some base level OS change that keeps a security patch from being applied to an older version then it is understandable, but otherwise there is no reason not to provide the security patch.  Redhat hasn't stopped providing security patches for 7.1/7.2/7.3.

Regards,
Drew

Michael Smith

Re: why no more support for 5.5 unsupported?
« Reply #10 on: October 16, 2003, 10:39:00 AM »
And let's not forget that if it's just a firewall you want, there are lots of other solutions:  m0n0wall, ipcop, smoothwall, coyotelinux spring to mind right away.  Also clarkconnect, but that might be more of a SME rival.

Trbonja

Re: why no more support for 5.5 unsupported?
« Reply #11 on: October 18, 2003, 04:15:45 AM »
From my point of view sme is excellent as a server, but as a border firewall it's just a target considering so many services running. Non tech peeps will install it as it is and eventually get into a lot of trouble. Unlike the rest of us :)
As the previous poster wrote, use other distros that will run just fine on a P133 or 486 system:
coyotelinux (floppy based) needs the least resources (a 386 would do just fine)
Monowall needs more resources, a P133 won't cut it.
ipcop/smoothwall on the other hand will be best for you. Ipcop has a polite community, unlike smoothwall, and according to a lot of peeps ipcop 1.3 is much more stable compared to 2.0 SW. Ipcop 0.1 & SW 0.99/1 are pretty much the same with a different gui.
Clarkconnect has a nicer gui interface (also a lot faster) but that's where all of its advantages end. It's not as well designed (when it comes to security & functionality) as sme.
I myself use ipcop with 3 NICs: red (internet), green (local lan), orange (DMZ). sme 5.5 on dmz :)

gl

Michael Smith

Re: why no more support for 5.5 unsupported?
« Reply #12 on: October 18, 2003, 08:30:33 AM »
You're actually not giving Mitel enough credit ... SME is plenty secure right out of the box in server-gateway mode.  FTP comes disabled, as does incoming SSH and of course Telnet.  So it serves up a webpage ... so what?  And it's a mailserver, it's SUPPOSED to speak SMTP.  Other services?  What services are you concerned about, Trbonja?  Are you seeing something the rest of us are missing?

Graeme Fleming

Re: why no more support for 5.5 unsupported?
« Reply #13 on: October 20, 2003, 09:00:04 AM »
Try running nmap against an SME box - it gets a good probing and comes up pretty well.

Personally, I sit my SME box behind a hardware router that provides an extra layer of security as well as modem failover; eliminates most of the rubbish getting to my SME box in the first place.

Klaus Eckert

Re: why no more support for 5.5 unsupported?
« Reply #14 on: October 21, 2003, 04:43:36 AM »
please, anybody stop this thread.
it is not the right place to discuss your problems...

cheers klaus