Bug#1055131: RFS: lighttpd/1.4.73-1 -- light, fast, functional web server
Package: sponsorship-requests
Severity: normal
X-Debbugs-Cc: gs-bugs.debian.org@gluelogic.com
Dear mentors,
I am looking for a DD sponsor for my package "lighttpd":
https://salsa.debian.org/debian/lighttpd/
I am an upstream lighttpd developer and have participated in
maintaining lighttpd on Debian for a number of years.
I am listed as an uploader on https://tracker.debian.org/pkg/lighttpd
lighttpd-1.4.73-1 passes autopkgtests and expected CI tests,
and is tagged. (This is a non-DD maintainer upload.)
* Package name : lighttpd
Version : 1.4.73-1
Upstream contact : team+lighttpd@tracker.debian.org
* URL : https://lighttpd.net/
* License : BSD-3-Clause
* Vcs : https://git.lighttpd.net/lighttpd/lighttpd1.4
Important changes in lighttpd 1.4.73:
* HTTP/2 detect and log rapid reset attack
While lighttpd is not affected by HTTP/2 rapid reset attacks any more
than by other DoS attacks, changes have been made to lighttpd to detect
and log when a rapid reset attack occurs, and to close the HTTP/2
connection. Log watchers might subsequently use the trace to block IPs.
The goal is to make lightpd 1.4.73 available in unstable, testing,
and then backports (or sloppy-backports) to maintained Debian versions.
Please advise next steps.
Thank you. Glenn
P.S. The version of lighttpd in Debian Experimental is 1.4.71-1+exp1
and can be retired.
Reply to: