From: Donald J. Ankney (ankneydu.washington.edu)
Date: Tue Apr 04 2006 - 10:14:03 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

"The Apache 1.3 series is being actively maintained, and developed at
a leisurely pace, to maintain stability. Releases will be made to
address security issues, or after a comfortable number of bug fixes
or improvements have been made. Significantly new features are
unlikely to be added to 1.3 in preference to 2.0, although important
new features and enhancements will be seriously considered for
inclusion in 1.3." -- http://httpd.apache.org/download.cgi

The Apache 1.3 strain is still a very active project. The code is
much less complex than V2 and thus easier to debug/secure. If you
don't need all of the added bells & whistles in V2, then sticking
with 1.3 is a pretty decent idea. In fact, it's still actively
packaged with commercial solutions (including OS X/OS X Server 10.4).

One of the main advantages of OpenBSD is that it doesn't bundle a ton
of "features" with the OS. It's a very clean, lean, basic
installation that I can add the few things I need running on a
server. Compared to Red Hat Enterprise, OpenBSD is much easier to
manage/secure because of it's clean design.

> -----Original Message-----
> From: owner-miscopenbsd.org [mailto:owner-miscopenbsd.org] On Behalf
> Of David B.
> Sent: Monday, April 03, 2006 4:41 AM
> To: miscopenbsd.org
> Subject: 3.9 coming out
>
> hi, I see 3.9 is getting ready to be released. Do you plan on
> bundling
> Apache2 with it? it would seem a logical thing to do, since the
> Apache
> version currently bundled with it seems to have problems.
>
> I just lost my entire development box to a hack this week, right
> through
>
> smoothwall's DMZ. I had apache up, postgresql installed with the
> mod_php
> as
> the middleware. All settings were default and the only port I had
> open
> was
> 80 through smoothwall. I even had all packets dropped that came from
> asia,
> south america and africa.
>
> The point being, if you sell security as your market niche, you might
> want
> to make sure that, at least, Apache be up to date, and not a version
> from 5
> years ago where who knows how many hacks there are out there for it.
>
> I don't mind rebuilding my development box from scratch because that's
> why I
> had it on the net like that anyway, simply to see how long it would
> take
> for
> someone to crash it. It took less than a month - that's not very good
> from
> a default security viewpoint.
>
> I'm assuming of course that Apache is the problem, as there are no
> logs
> or
> anyway to tell what happened, but the hard drive started to make an
> awful
> screaching sound as the drive was apparently being forced to track the
> heads
> back and forth very quickly. The drive is fine, but apache and
> postgresql
> won't start, and the wtmp file was erased, so that when I did a 'last'
> only
> my most recent login came up.
>
> Anyway, it would be nice if Apache 2 were available for 3.9

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]