[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [d-security] Re: [SECURITY] [DSA 532-1] New libapache-mod-ssl packages fix multiple vulnerabilities

Christian Hammers wrote:

Oh, come on, if you "apt-get install" the Apache SSL module then you
really can expect it to actually get installed in the httpd.conf :-)
(Otherwise hundrets of normal users would complain that SSL does not work although they "installed" it. So at least in my opinion the
behaviour is ok as special configs will always need attention)

That's my point: I did not do "apt-get install", I did "apt-get upgrade". If this had been a fresh install, I would agree with you completely, but not in the case of a security update.

Mind you, the downtime ws limmited to some 5 hours, while it was night in the USA, so there's hardly any damage done wrt our customers. There's

If you run service for customers you should really install some kind of
watchdog on a different machine that monitors your servers and can
contact you by mail/SMS/phonering...

Well, we do actually. But since everything seemed to be running fine, I went to bed. Shortly after that apache tried to restart (presumably because a co-worker was doing mod_perl development) and never came back up. He told me he tried to phone me for a long time, but I slept like an innocent baby ;^) (we're in different time zones)

Also I would recommend you to try using RCS for these kind of config
files so you can review changes and/or keep the files readonly.

We do that too. Can be a life saver sometimes.


Reply to: