Re: [SECURITY] [DSA 532-1] New libapache-mod-ssl packages fix multiple vulnerabilities

2004-07-29 Thread Tim Dijkstra
Matt Zimmerman: > The machine which builds security updates for alpha is currently > offline. I'm a bit amazed you depend on only one machine to build those packages... Well for people that have an alpha and didn't compile it yet for themselves, I put a deb at: http://www.famdijkstra.org/~tdyk

Re: [SECURITY] [DSA 532-1] New libapache-mod-ssl packages fix multiple vulnerabilities

2004-07-29 Thread Matt Zimmerman
On Thu, Jul 29, 2004 at 11:56:41AM +0200, Tim Dijkstra wrote: > As the advisory recommended, I 'apt-get upgrade'd my stable boxen, but I > noticed that on my alpha server the only thing that was updated were the > docs. Indeed the advisory doesn't talk about a new version for alpha. Is > there a

Re: [SECURITY] [DSA 532-1] New libapache-mod-ssl packages fix multiple vulnerabilities

2004-07-29 Thread Tim Dijkstra
On Thu, 22 Jul 2004 20:29:33 -0700 Matt Zimmerman <[EMAIL PROTECTED]> wrote: > - > Debian Security Advisory DSA 532-1 > [EMAIL PROTECTED] http://www.debian.org/security/ > Matt Zimmer

Re: [d-security] Re: [SECURITY] [DSA 532-1] New libapache-mod-ssl packages fix multiple vulnerabilities

2004-07-28 Thread elijah wright
> * elijah wright <[EMAIL PROTECTED]> [040727 19:40]: > > and it probably would have been fine, if you'd been running a stock > > config. > > If things only have to be fine when using a stock config, why not > abolish all those limiting rules about /etc and just disallow the use to > cope with it

Re: [d-security] Re: [SECURITY] [DSA 532-1] New libapache-mod-ssl packages fix multiple vulnerabilities

2004-07-28 Thread Bernhard R. Link
* elijah wright <[EMAIL PROTECTED]> [040727 19:40]: > and it probably would have been fine, if you'd been running a stock > config. If things only have to be fine when using a stock config, why not abolish all those limiting rules about /etc and just disallow the use to cope with it directly and k

Re: [d-security] Re: [SECURITY] [DSA 532-1] New libapache-mod-ssl packages fix multiple vulnerabilities

2004-07-27 Thread elijah wright
> That's my point: I did not do "apt-get install", I did "apt-get > upgrade". If this had been a fresh install, I would agree with you > completely, but not in the case of a security update. and it probably would have been fine, if you'd been running a stock config. with great power comes great

Re: [d-security] Re: [SECURITY] [DSA 532-1] New libapache-mod-ssl packages fix multiple vulnerabilities

2004-07-27 Thread Rhesa Rozendaal
Christian Hammers wrote: Oh, come on, if you "apt-get install" the Apache SSL module then you really can expect it to actually get installed in the httpd.conf :-) (Otherwise hundreds of normal users would complain that SSL does not work although they "installed" it. So at least in my opinion the b

Re: [SECURITY] [DSA 532-1] New libapache-mod-ssl packages fix multiple vulnerabilities

2004-07-27 Thread Noah Meyerhans
On Tue, Jul 27, 2004 at 09:05:22AM -0700, Matt Zimmerman wrote: > It is unfortunate that this caused a problem for you, but it was not the > result of the security update. The woody Apache packages have always worked > this way, and will modify /etc/apache/httpd.conf. It is worth noting that as of

Re: [SECURITY] [DSA 532-1] New libapache-mod-ssl packages fix multiple vulnerabilities

2004-07-27 Thread Matt Zimmerman
On Tue, Jul 27, 2004 at 01:01:10PM +0200, Rhesa Rozendaal wrote: > The main reason is that it adds the line > > LoadModule ssl_module /usr/lib/apache/1.3/mod_ssl.so > > to the apache config file /etc/apache/httpd.conf. > > Here's why this breaks my setup: I run two instances of apache, a

Re: [d-security] Re: [SECURITY] [DSA 532-1] New libapache-mod-ssl packages fix multiple vulnerabilities

2004-07-27 Thread Noah Meyerhans
On Tue, Jul 27, 2004 at 01:42:19PM +0200, Christian Hammers wrote: > > In my case, the frontend handles SSL connections. Its config file is > > /etc/apache/ht-light.conf. > > The backend instance uses the original filename /etc/apache/httpd.conf. > > The frontend is already bound to port 443. The

Re: [d-security] Re: [SECURITY] [DSA 532-1] New libapache-mod-ssl packages fix multiple vulnerabilities

2004-07-27 Thread Adam ENDRODI
On Tue, Jul 27, 2004 at 01:42:19PM +0200, Christian Hammers wrote: > > On Tue, Jul 27, 2004 at 01:01:10PM +0200, Rhesa Rozendaal wrote: > > In my case, the frontend handles SSL connections. Its config file is > > /etc/apache/ht-light.conf. > > The backend instance uses the original filename /etc/

Re: [d-security] Re: [SECURITY] [DSA 532-1] New libapache-mod-ssl packages fix multiple vulnerabilities

2004-07-27 Thread Christian Hammers
Hello Rhesa On Tue, Jul 27, 2004 at 01:01:10PM +0200, Rhesa Rozendaal wrote: > In my case, the frontend handles SSL connections. Its config file is > /etc/apache/ht-light.conf. > The backend instance uses the original filename /etc/apache/httpd.conf. > The frontend is already bound to port 443. T

Re: [SECURITY] [DSA 532-1] New libapache-mod-ssl packages fix multiple vulnerabilities

2004-07-27 Thread Radu Spineanu
Rhesa Rozendaal wrote: . My advice would be to _not_ add the LoadModule line to the apache config: if this security update needs installing, it is very likely that SSL is already configured correctly. At the very least, make it a question that I can answer yes or no to. Perhaps a better solutio

Re: [SECURITY] [DSA 532-1] New libapache-mod-ssl packages fix multiple vulnerabilities

2004-07-27 Thread Rhesa Rozendaal
Matt Zimmerman wrote: - -- Debian Security Advisory DSA 532-1 [EMAIL PROTECTED] http://www.debian.org/security/ Matt Zimmerman July 22nd, 2004 http://www.d