On 8/22/06, Jignesh Badani <[EMAIL PROTECTED]> wrote:
Thanks Nick, it makes sense. So can I assume that the Apache group is fine
with its user base using 3rd party mod_security and that they do not plan
to develop something similar ?
The reason I am confused is I see Ryan Barnett as Team Lead for "Internet
Security Apache Benchmark Project" and he talks/writes a lot about
mod_security.
I think you are referring to the "Center for Internet Security Apache
Benchmark Project". Note that the Center for Internet Security is not
affiliated in any way with the Apache Software Foundation, the makers
of the Apache HTTP Server.
The developers of the Apache HTTP Server are, however, VERY happy to
have third parties develop and release modules for the server. The
one issue to consider with mod_security is that (unless you pay for
it) it is GPL licensed. Depending on who you ask, linking GPL and
Apache-licensed code may or may not be legal. If it is legal, the
result is almost surely GPL licensed. This isn't likely a problem for
an end-user of mod_security, but would be a big issue if you wanted to
redistribute Apache httpd with mod_security.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
