
Re: Discussing Lingerd's security history



Alexis Sukrieh wrote:
> I'm the maintainer of an unofficial Debian package named
> apache-lingerd[1].
> 
> Lingerd is a patch for apache that enables a better handling of dynamic
> pages serving.
> 
> The package works fine and a couple of users reported to me that they 
> use it on production servers.
> 
> There is a discussion currently about including this package in the
> official Debian archive, but before I ask for such an upload to the
> debian-apache team, I'd like to discuss here the security issues about
> lingerd. 
> 
> Do you know any security problem related to the lingerd patch?

Currently I don't know of a problem, but I'll grep through my archive
as well.  Nothing found.

>                                                                Do you
> think that proving such a flavour for Apache 1.3 would be safe?

This one needs to be distributed via a patch in the Apache package?
It doesn't produce yet another module that can be maintained
separately?

If this patch doesn't create any obvious (security) problems and the
Apache maintainer would be fine with including , I don't see a
compelling reason for not including it.

> Your comments are appreciated, that would let me know if I can ask for
> an upload to the archive without putting a "trojan" inside Debian ;)

Well, you should check the source code on your own in order not to
install a trojan like what we had with the micq package a while ago...

Regards,

	Joey

-- 
Open source is important from a technical angle.             -- Linus Torvalds

Please always Cc to me when replying to me on the lists.


