~alpine/devel

1

[alpine-devel] apache2 configuration files

Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Details
Message ID
<alpine.LFD.2.20.1509232046580.4609@kanala.kunkku.net>
Sender timestamp
1443030499
DKIM signature
missing
Download raw message
8 years ago 
Hello,

I working on refreshing the default configuration files in the apache2
package. The current default files are stored statically to the Git
repository, forked from Fedora over 5 years ago. Over the past few
months, I have faced a number of issues due to the ancient baseline of
the configuration files. For example, I had to remove an obsolete
directive from ssl.conf, which was no longer recognized and prevented
the server from starting. Also the lists of allowed cipher suites and
security protocols could reflect better the advances in cryptologic
reseach during the past years. There are also outright security flaws,
which can be difficult to spot. For instance, httpd.conf contains the
following comment:

# First, we configure the "default" to be a very restrictive set of
# features.

But what follows is actually a very permissive set of features due to
the relevant lines having been commented out.

What I would like to do is to base the default configuration files on
the upstream versions. All relevant changes would be stored as
patches, in order to facilitate keeping the default files up to date
and make it easier to spot mistakes.

Do you have any thoughts on the proposed approach? What kind of
changes Alpine Linux should make to the upstream default files, apart
from adaptation related to packaging and directory layout? Which
modules should be enabled by default?

BR,
Kaarle


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---

[alpine-devel] Re: apache2 configuration files

Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Details
Message ID
<alpine.LFD.2.20.1512151125500.28493@kanala.kunkku.net>
In-Reply-To
<alpine.LFD.2.20.1509232046580.4609@kanala.kunkku.net> (view parent)
Sender timestamp
1450176151
DKIM signature
missing
Download raw message
8 years ago 
On Wed, 23 Sep 2015, Kaarle Ritvanen wrote:

> Do you have any thoughts on the proposed approach? What kind of
> changes Alpine Linux should make to the upstream default files, apart
> from adaptation related to packaging and directory layout? Which
> modules should be enabled by default?

As there were no responses to this inquiry, I made the decisions by 
myself. Please verify your configuration after upgrading to 3.3.

BR,
Kaarle


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---
Reply to thread Export thread (mbox)