I working on refreshing the default configuration files in the apache2
package. The current default files are stored statically to the Git
repository, forked from Fedora over 5 years ago. Over the past few
months, I have faced a number of issues due to the ancient baseline of
the configuration files. For example, I had to remove an obsolete
directive from ssl.conf, which was no longer recognized and prevented
the server from starting. Also the lists of allowed cipher suites and
security protocols could reflect better the advances in cryptologic
reseach during the past years. There are also outright security flaws,
which can be difficult to spot. For instance, httpd.conf contains the
# First, we configure the "default" to be a very restrictive set of
But what follows is actually a very permissive set of features due to
the relevant lines having been commented out.
What I would like to do is to base the default configuration files on
the upstream versions. All relevant changes would be stored as
patches, in order to facilitate keeping the default files up to date
and make it easier to spot mistakes.
Do you have any thoughts on the proposed approach? What kind of
changes Alpine Linux should make to the upstream default files, apart
from adaptation related to packaging and directory layout? Which
modules should be enabled by default?
Received on Wed Sep 23 2015 - 20:48:19 GMT