Re: Web server with PHP setup & mod-ssl
On Thu, Jan 29, 2004 at 12:03:19PM -0500, Danny O'Brien wrote:
> Here's the spec:
>
> Kernel2.4.18-bf2.4
> Apache1.3.26-0woo
> openssl0.9.6c-2.wo
> postgres7.2.1-2wood
> php4.1.2-6wood
>
> My questions:
>
> - does "apt-get upgrade" always provide the most secure versions? The
> reason I ask is:
>
> - Apache 1.3.26 seems ancient -- is this an OK version to run? I have
> executed apt-get upgrade, and apt.conf is set for "stable."
>
> - also, openssl is up to 0.9.6 "l" -- 0.9.6 "c" also seems ancient.
We patch security problems in older versions in the stable suite rather
than upgrading them wholesale. See:
http://www.debian.org/security/faq#version
You can look in /usr/share/doc/<package>/changelog.Debian.gz to find a
record of these changes as applied.
> - My previous build ran mod-ssl. However, there is no mod-ssl package
> in Debian. Has anyone installed mod-ssl under Debian, or is there a
> better program for this function?
That's the libapache-mod-ssl package.
Cheers,
--
Colin Watson [cjwatson@flatline.org.uk]
Reply to: