Re: [d-security] Re: [SECURITY] [DSA 532-1] New libapache-mod-ssl packages fix multiple vulnerabilities
Christian Hammers wrote:
Oh, come on, if you "apt-get install" the Apache SSL module then you
really can expect it to actually get installed in the httpd.conf :-)
(Otherwise hundrets of normal users would complain that SSL does not
work although they "installed" it. So at least in my opinion the
behaviour is ok as special configs will always need attention)
That's my point: I did not do "apt-get install", I did "apt-get
upgrade". If this had been a fresh install, I would agree with you
completely, but not in the case of a security update.
Mind you, the downtime ws limmited to some 5 hours, while it was night
in the USA, so there's hardly any damage done wrt our customers. There's
If you run service for customers you should really install some kind of
watchdog on a different machine that monitors your servers and can
contact you by mail/SMS/phonering...
Well, we do actually. But since everything seemed to be running fine, I
went to bed. Shortly after that apache tried to restart (presumably
because a co-worker was doing mod_perl development) and never came back
up. He told me he tried to phone me for a long time, but I slept like an
innocent baby ;^) (we're in different time zones)
Also I would recommend you to try using RCS for these kind of config
files so you can review changes and/or keep the files readonly.
We do that too. Can be a life saver sometimes.