
Re: Various issue with stable/tomcat4



Arnaud Vandyck <avdyk@debian.org> writes:
> Our problem is Tomcat4 is no longer supported, we all focus on Tomcat5.
> Tomcat4 will be patched only if a security problem is discovered.

Umm, tomcat4 is in Sarge (although not in main), so it should still be
supported, at least for RC bugs. You can of course argue that none of
Marc's bugs are RC.

>>  - tomcat4 JK connector is only available once all instances have
>>    initialized correctly. If the Apache JK connector attempts a
>>    connection before JK is ready, tomcat4 hangs forever, Apache reports
>>    an internal error without logging it to the error_log

This has a trivial bypass: start Apache only after tomcat4 has
started. That's how I do it in all my installations... Not an RC bug,
IMO.

>>  - tomcat4 cannot be restarted immediately, a delay of at least 2
>>    minutes must be observed. This could be due to a missing SO_REUSE
>>    socket option for the JK Connector, as this problem doesn't exist
>>    for the other connectors (e.g. WWW as used by Apache Proxy)

This again is not an RC bug as it can be bypassed by the delay.

>>  - tomcat4 cannot be stopped properly (the init script kills it after
>>    some time)

What do you mean by this? I can easily stop tomcat4 in all of my Sarge
installations, with mod-jk and without it. This too is only an
important bug, so even though you can report all of these, there
probably won't be a fix forthcoming.

-- 
* Sufficiently advanced magic is indistinguishable from technology (T.P)  *
*           PGP public key available @ http://www.iki.fi/killer           *


