[BlueOnyx:14915] Re: Squirrelmail broken again

Michael Stauber mstauber at blueonyx.it
Wed Mar 12 14:56:25 -05 2014 

Hi Chris and all,

>  There are few compelling reasons to do so (other than 
> inertia... which far from a good reason, can still be a
> compelling one!)

Very good points, Chris. Let me add a bit from my point of view:

The inertia is surely catching up. I no longer consider CentOS 5 a
viable hosting platform and I'm not alone in that assessment. The
problem centers around OpenSSL, which for CentOS 5 is locked in at v0.9.8e.

All front facing services and all internal libraries that rely on
cryptology are compiled against that horribly outdated and crippled
version of OpenSSL.

This trows a wrench into the available encryption ciphers and protocols
for all services: HTTPS, POP3S, IMAPS, SMTPS, FTPS and also OpenSSH to a
lesser degree. That is already hurting and it'll only get worse as more
time passes.

If RedHat can't commit the resources to at least include a more modern
OpenSSL into the next minor release, they should just give up and
announce an earlier EOL date for RHEL5 (like Summer of 2014) and be done
with it. They did it before (including a more modern OpenSSL as separate
library and compiled the included services against it). I can't
understand why they aren't doing that now.

While I have some faith that RedHat can keep PHP-5.3 patched until the
currently scheduled EOL of RHEL5 (and its clones), the age of all
services is showing and people are ceding a lot of security and
usability related ground by clinging to CentOS 5 and its outdated
services and libraries.

As for giving up features and usability: The new BlueOnyx GUI will
probably enter public beta in four weeks.

I was contemplating making it available for CentOS 5 based BlueOnyx
5106R as well and there are reasons for doing it and reasons against it.
Now that would require a lot of haggling and code bending or possibly
upgrading the PHP of AdmServ to a newer PHP version.

Still, it would be like beating a half-dead horse.

I'm not sure I want to go there, because in the end it would make people
feel that we're still 100% committed to an OS that for all intends and
purposes should be phased out near term due to (almost criminal)
negligence on behalf of RedHat.

Am I ranting? I guess I am. Nuff of that. :p

As for Squirrelmail: I indeed don't really care much about it. I did
what I could to fix it after it got broken. But that again felt like
beating a dead horse. Both Squirrelmail and OpenWebmail are horrible
contraptions that I don't really want to bother myself with. Good
alternatives are available and it's 2014. If "Back to the Future" is
right, we'll have hoverboards next year. Still using pink roller blades
from the '80's doesn't make any sense. :p

-- 
With best regards

Michael Stauber

More information about the Blueonyx mailing list