apache 1.3.26?

Keary Suska yellowdog-general@lists.terrasoftsolutions.com
Mon Jun 24 12:32:01 2002


on 6/24/02 12:10 PM, icon@phy.duke.edu purportedly said:

> On Mon, 2002-06-24 at 13:29, Paul J. Lucas wrote:
>> On Mon, 24 Jun 2002, Stefan Jeglinski wrote:
>> 
>>> Has anyone posted a binary or src ppc rpm for this security update
>>> version?
>> 
>> Apache is trivial enough simply to build from source yourself.
> 
> I wouldn't recommend doing this at all. In fact, I'd recommend grabbing
> an src.rpm from the 7.2 updates and rebuilding it -- there are some
> things in the redhat version of apache, such as default user being
> apache vs. nobody and several other patches, not to mention an
> integrated mod_ssl.

So far, what you mention is trivial to configure oneself (unless you don't
know what you're doing), and could be counterproductive if you don't use RH
conventions. You also tend to get a bloated Apache with features most people
probably won't use and certainly don't need. Additionally, if you are
working in a production environment where uptime is important, you can't do
a test build to make sure everything is working before installing an
upgrade. Just because you have an RPM doesn't mean it will always work as
expected.

For one who is adamant about the benefits of RPM for system administration
(which is debatable at times), rolling one's own RPM takes only a little
more work and will pay off in the long run. Apache comes with a spec file,
and with little editing, can be customized for any environment.

> You don't really gain much by wanting 1.3.26. You
> can also try rebuilding apache-1.3.23-14 from the 7.3 updates -- it
> should work just fine as well without the gotchas of trying to use an
> RPM from some other distro or building things from source.

If you don't care that you are running a daemon with a well-known remote
exploit, then I guess you shouldn't be concerned with the newer version.
Being the administrator at a University, I would think that you would, since
University systems are the most often compromised and used to proxy attacks.
But then, considering your sentiment about upgrading Apache, it stands to
reason.

Keary Suska
Esoteritech, Inc.
"Leveraging Open Source for a better Internet"