[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFS: libapache2-mod-socket-policy-server (an Apache2 module for serving Adobe socket policy files)

On 09/21/2011 11:43 AM, Thomas Goirand wrote:
On 09/21/2011 12:49 PM, Daniel Kauffman wrote:
... for serving Adobe socket policy files.
What's that? How do you make them?

Adobe Flash Player (since version will not open a socket connection to a server unless the server first authorizes the connection via an Adobe socket policy. This module serves these policies. (Adobe uses a non-standard protocol for serving these policies, hence the existence of this module.)

Adobe socket policies are configured using XML. A selection of pre-configured socket policies are available in:


And more information about socket policies in particular, and cross domain policies in general, is available from the Adobe Cross Domain Policy File Specification:


Other useful links discussing Adobe socket policies:



The package is ready for sponsorship and can be downloaded from:


The updated package is ready for download.

1/ The package is a native package, which isn't required for an Apache
module IMO. Please read about it in the Debian policy manual.

There is no upstream, so it seemed appropriate to create a native package... is that incorrect? I didn't see a reference to quilt in the Debian Policy Manual and the Debian New Maintainers' Guide section 2.9 seems to suggest that a native package is ok where there is no upstream. The native format seems a little simpler. But if I'm missing something, and the quilt format is preferable, I can switch to that.

2/ The package has apache2-threaded-dev as Build-Depends, any reason
why it wouldn't work with apache2-prefork-dev also? Also, having a
binary package with "apache2 | apache2-mpm" seems strange to me.

I agree, both of those seemed a little odd to me as well. I had referenced the instructions on:


And it seems that building against the threaded headers results in a module that works with both threaded and non-threaded versions of apache2. In my case, I built the module against apache2-threaded-dev and have no issues running the module with either apache2-mpm-worker or apache2-mpm-prefork.

The binary dependency on "apache2 | apache2-mpm" was from those same instructions. Some apache2 modules use this construct, and some don't. All four of the apache2-mpm-* packages provide both names. I'm not sure what the reasoning is behind this, though it is interesting that apache2 is a package and apache2-mpm is a virtual package. Perhaps this is some sort of historical artifact?

3/ It'd be nice to use the DEP5 format for debian/copyright. Please see
http://dep.debian.net/deps/dep5/. It's still a candidate, so it's not a
requirement though.

Updated, no problem.

4/ Your Standards-Version: isn't up-to-date. Did you build the package
in SID and ran lintian there?

Reviewed checklist and updated Standards-Version. Re-built using pbuilder sid and checked using lintian from backports. No issues.

I: libapache2-mod-socket-policy-server:

You don't need the last dot at the end, but you do need a longer
extended description. Lintian complains with less than 2 lines,
but I think at least 10 lines sounds reasonable. By reading what
you wrote, I still don't understand what your package is doing. :)

The description is now longer. Hopefully, it is also more descriptive. :-)

5/ Your debian/README explains how to use apt-get, that we can
edit the config file of the module, and how to restart apache. I
don't think you should do that, it's not helpful, but there might
be other things you want to document (like what to put in the
socket policy file for example?).

I updated the README to be a duplicate of the (new) description from the control file (including links describing the socket policy file format), plus a description of the configuration directives and a description of how to test that the module is configured as expected. Anything else come to mind that might be helpful here?

6/ Your package configures a VirtualHost in a /etc/apache2/conf.d
file, don't you think it would be nicer in /etc/apache2/sites-available?
If not, please explain here why.

True, VirtualHost doesn't really belong there. Not sure how I missed that. However, instead of moving the configuration, I removed the VirtualHost declaration, so that the default configuration is now a global configuration. None of the apache2 modules in the repository touch /etc/apache2/sites-available -- IMO the sites-available directory is more appropriate for something like a web application.

I hope the above helps,

It does, thank you.

Thanks for your will to contribute to Debian,


Thanks, I'm glad to be able to contribute to the community.

Daniel Kauffman
Lead Developer
Rock Solid Solutions, LLC
877.239.9195 toll-free
208.699.9699 mobile

Reply to: