Re: Discussing Lingerd's security history
* Martin Schulze (firstname.lastname@example.org) wrote:
> Currently I don't know of a problem, but I'll grep through my archive
> as well. Nothing found.
> This one needs to be distributed via a patch in the Apache package?
> It doesn't produce yet another module that can be maintained
Indeed, this is a patch to Apache itself and it has to be a new flavor,
according to Fabio Massimo Di Nitto's (email@example.com) advice.
I made the package following Fabio's advice and he is OK with the way
the flavour is made.
> If this patch doesn't create any obvious (security) problems and the
> Apache maintainer would be fine with including , I don't see a
> compelling reason for not including it.
The patch is small and changes only the way Apache manages connections
(lingers); there's also a binary provided with the apache-lingerd
package which is the "lingerd" daemon which takes care of closing
The Apache patch is needed to make it aware of that daemon, in fact.
> > Your comments are appreciated, that would let me know if I can ask for
> > an upload to the archive without putting a "trojan" inside Debian ;)
> Well, you should check the source code on your own in order not to
> install a trojan like what we had with the micq package a while ago...
I personally don't see a good reason why that patch would bring
security holes; I asked the Security team in order to see if there were
security issues already known about that topic.
If you don't think so, according to my experience with the package, I
think that it should be ok.
Thanks a lot for your comments.
Alexis Sukrieh <firstname.lastname@example.org>
« Quidquid latine dictum sit, altum sonatur. »
Whatever is said in Latin sounds profound.