[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#256713: Apache security update made my website disappear

On Mon, 28 Jun 2004, Ian Jackson wrote:

> Package: apache
> Version: 1.3.26-0woody5
> The security update to apache changed my httpd.conf and srm.conf in a
> way that meant my system's website disappeared.
> I did get offered `Save these changes to the configuration files? [Y/n]'
> and said yes, but:

You accepted a new configuration without checking it. It is exactly the
same as many other tools to handle configurations.

>  * Security updates should be safe.  In particular, security updates
>    should be doable with less care, checking, presence of mind,
>    etc. etc. than an elective upgrade.

Negative. Security updated fix a bit of the code. The rest of the package
stays the same. Please check:


for more information.

>  * The default should not be to override a user-changed configuration.

You asked for it once you told the script "Yes". You have been prompeted
and warned.

>  * The default should not be to disable an existing website by
>    changing the DocumentRoot to the Debian default.

Same as above.

>  * The question was preceded by a large amount of largely irrelevant
>    messages.

This is not true in sarge/sid anymore.

In any case there is nothing left as a bug in here.


<user> fajita: step one
<fajita> Whatever the problem, step one is always to look in the error log.
<user> fajita: step two
<fajita> When in danger or in doubt, step two is to scream and shout.

Reply to: