TurnKey Linux Virtual Appliance Library

Turnkey LAMP, Upgrades and Deprication

Hi all. I am a newbie with linux (let me just say, without TKL I probably would have ended up going with Windows, gulp)... I only opened up my first console a few months ago, so although I've learned lots, my understanding of linux is only fledgling. I've developed a PHP application for a product we are rolling out, and some clarification on the following could REALLY help me sleep better at night :o)

Am I to assume that the LAMP components (Apache, PHP, Mysql) are receiving automatic updates by default but to upgrade any of these would require me to go in and actually do an upgrade? What I'm asking is, no components would actually upgrade to a newer version without me doing it, right?

My instincts totally tell me that an automatic upgrade to a newer version of ANYTHING would be like playing russian roulette with an application, but I could really use someone in the know to say "no, of course that would never happen, that would be just silly." :)

The thing that got me on this is the whole concept of depricated components in PHP. There's a firestorm of debate online as to why they'd discontinue some components in new versions if they work fine the way they are for some applications. (or simply a lot of work to change a lot of code for no new functionality)... I am not saying components should never be removed from libraries with new versions, but I need to know absolutely that upgrading to new versions will always be a result of my decision and action, not some automatic update that my LAMP stack is insidiously set to execute at some devastating point in my future.

Thanks all. I love TKL. 

Rick

Jeremy's picture

You're in luck! - or - The beauty of Linux...

In Linux (at least in most mainstream releases) by default anything installed from the repository (I guess sort of like an app store - but actually significantly predates app stores...) won't update the version. And most times even if you wanted to update to a new version, you often actually have to compile it from source yourself or some other sort of hackery (so in that respect it can sometimes be a pain). 

So in your example, Apache, MySQL and PHP will all remain at the current version. But that doesn't mean that there won't be updates... It's just that security patches are backported to the current version. This gives you a degree of the best of both worlds - security bugs are resolved, but the specific functionality of the specific version (including non-security bugs and any features that are only included in later versions) remain.

So there is a slim chance that a security update will break something, but the risk is very low. So low in fact that all security patches are applied automatically every night in a TKL appliance (whenever they are available). In my ~4-5 yr experience with TKL that has only caused an issue once (and that was prior to TKL moving to a Debian base, back when it was based on Ubuntu). And the issue didn't actually break anything other than the auto security updates - and the issues was quite publicly announced via both blog post and via email to everyone subscribed to TKL security alerts (which if you are not subscribed to I suggest you do that now...).

The downfall in all of this is like I hinted at above, if you actually wanted a later version of software that is not available via the default Debian (or TKL) repos then it can be quite painful to do and will involve a fair bit of work on your behalf. This is because Debian (the base of TKL) prioritises stability (and security) and doesn't buy into the idea that you need 'the latest and greatest'.

The only time this potentially becomes an issue is when the old version of Debian is depreciated. New versions of Debian often take years of development and even once a new version is released, the old version continues to recieve support (by way of security updates/patches) for at least 12mths following the official release of the next stable version. At this stage the next Debian version (7.0/Wheezy) is still in 'testing', so even if it was released tomorrow (which is highly unlikely) you would still have 12mths to do testing, tweaking and plan your migrate to the newer version.

Post new comment

The content of this field is kept private and will not be shown publicly. If you have a Gravatar account, used to display your avatar.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <p> <span> <div> <h1> <h2> <h3> <h4> <h5> <h6> <img> <map> <area> <hr> <br> <br /> <ul> <ol> <li> <dl> <dt> <dd> <table> <tr> <td> <em> <b> <u> <i> <strong> <font> <del> <ins> <sub> <sup> <quote> <blockquote> <pre> <address> <code> <cite> <strike> <caption>

More information about formatting options

Leave this field empty. It's part of a security mechanism.
(Dear spammers: moderators are notified of all new posts. Spam is deleted immediately)