
Re: Discussing Lingerd's security history



* Martin Schulze (joey@infodrom.org) wrote:
> Currently I don't know of a problem, but I'll grep through my archive
> as well.  Nothing found.

Great.
 
> This one needs to be distributed via a patch in the Apache package?
> It doesn't produce yet another module that can be maintained
> separately?

Indeed, this is a patch to Apache itself and it has to be a new flavor,
according to Fabio Massimo Di Nitto's (fabionne@debian.org) advice.
I made the package following Fabio's advice and he is ok with the way
the flavour is made.

> If this patch doesn't create any obvious (security) problems and the
> Apache maintainer would be fine with including , I don't see a
> compelling reason for not including it.

The patch is small and changes only the way Apache manages connections
(lingers), there's also a binary provided with the apache-lingerd
package which is the "lingerd" daemon which takes care of closing
connections.
The Apache patch is needed to make it aware of that daemon, in fact.

> > Your comments are appreciated, that would let me know if I can ask for
> > an upload to the archive without putting a "trojan" inside Debian ;)
> 
> Well, you should check the source code on your own in order not to
> install a trojan like what we had with the micq package a while ago...

I personally don't see a good reason why that patch would bring
security holes, I asked the Security team in order to see if there were
security issues already known about that topic.

If you don't think so, according to my experience with the package, I
think that it should be ok.

Thanks a lot for your comments.

Kind Regards,

Alexis.

-- 
                                  Alexis Sukrieh <sukria@sukria.net>
                                               http://www.sukria.net

« Quidquid latine dictum sit, altum sonatur. » 
Whatever is said in Latin sounds profound.


