On 2012-03-28, Kevin Chadwick <ma1l1i...@yahoo.co.uk> wrote: > Knowing nginx is on it's way to base and having just seen some fixes
It's already in base. > for nginx on gentoo (some CVES from 2009). All but one of those were fixed long ago, and the other was fixed recently (we do already have the fix for it) http://nginx.org/en/security_advisories.html > Is nginx going to complement apache in case users want features/prefer > it or replace apache as apache can no longer have time spent on it? Long term it doesn't make sense to maintain both in base, the best solution IMO would be to adjust as many ports as possible to work with nginx, and move Apache to the ports tree for those who need it. > Also, does anyone know if there are any CVEs applicable to base apache > currently? Hard to say, you can't look at general Apache problems because the version in base has a *huge* number of changes. If someone is interested in Apache and has the knowledge and time to work through CVEs and figure out which apply, I would imagine their time would probably be better spent on updating ports/www/apache-httpd and the major dependencies (apr, apr-util etc) which are pretty much unmaintained at present.
