apache 1.3.26?

[Paul J. Lucas]

On 24 Jun 2002, Konstantin Riabitsev wrote:

> In fact, I'd recommend grabbing an src.rpm from the 7.2 updates and
> rebuilding it -- there are some things in the redhat version of apache, such
> as default user being apache vs. nobody

	If you administer Apache and you don't know enough to edit the
	configuration file to set it for your site, you shouldn't be
	administering it in the first place.

	At least on Solaris, there is a reason you might want to keep
	the process owner as "nobody."  Under Solaris, "nobody" has
	fewer access privileges that regular non-root users.  Granted,
	this is a Linux mailing list; but there are plenty of mixed
	environments and having a single configuration is a big help.

	Anyway, having "apache" as the process owner means squat.  It
	doesn't matter what the name of the user is just so long as
	it's not root.  You can call it www, web, or scooby for all it
	cares.

> and several other patches, not to mention an integrated mod_ssl.

	1. You can easily build in mod_ssl yourself.
	2. Unless you're using SSL *and* have a valid certificate, this
	   is irrelevant.

> You don't really gain much by wanting 1.3.26.

	Except the recent security-hole fix.  That's the entire point of
	that release.

> You can also try rebuilding apache-1.3.23-14 from the 7.3 updates -- it
> should work just fine as well without the gotchas of trying to use an RPM
> from some other distro or building things from source.

	There are no "gotcha's" in building from source.  If somebody
	is a sysadmin and can't build Apache from source, s/he should
	be fired for being incompetent.

	- Paul