Hi, I was asked to check this with you before the RMs would let apache2-mpm-itk into etch.
apache2-mpm-itk is an unofficial MPM for Apache 2.0 and up (although it has only ever existed in Debian for 2.2). It basically builds by depending on apache2-src, extracting that, patching itself in, building, and putting the /usr/sbin/apache2 binary into the .deb. (This is exactly what the other MPMs do, except that this one come from a different source package and requires a patch.) This means that every time apache2 is revved, apache2-mpm-itk will have to be rebuilt. A simple binNMU will suffice; the scripts automatically figure out the apache2-common version to depend on, and any changes to apache2 automatically trickle down into -mpm-itk (since it uses apache2-src as a base). However, this also means that the security team will have to do the same when fixing security bugs in apache2; if a bug is discovered, apache2-mpm-itk will need to be rebuilt (without any source changes, though, assuming the hole isn't specific to -mpm-itk, of course). Would this be OK for the security team? (I do not know of any objections from the debian-apache team; after all, apache2-src was added explicitly to support apache2-mpm-itk, as the debian-apache team currently does not want -mpm-itk within their own package.) /* Steinar */ -- Homepage: http://www.sesse.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
