Date: Wed, 23 Sep 2015 20:48:19 +0300 (EEST)
From: Kaarle Ritvanen
To: alpine-devel@lists.alpinelinux.org
Subject: [alpine-devel] apache2 configuration files

Hello,

I am working on refreshing the default configuration files in the apache2 package.
The current default files are stored statically in the Git repository, forked from Fedora over 5 years ago.

Over the past few months, I have faced a number of issues due to the ancient baseline of the configuration files. For example, I had to remove an obsolete directive from ssl.conf, which was no longer recognized and prevented the server from starting. Also the lists of allowed cipher suites and security protocols could reflect better the advances in cryptologic research during the past years.

There are also outright security flaws, which can be difficult to spot. For instance, httpd.conf contains the following comment:

    # First, we configure the "default" to be a very restrictive set of
    # features.

But what follows is actually a very permissive set of features due to the relevant lines having been commented out.

What I would like to do is to base the default configuration files on the upstream versions. All relevant changes would be stored as patches, in order to facilitate keeping the default files up to date and make it easier to spot mistakes.

Do you have any thoughts on the proposed approach? What kind of changes should Alpine Linux make to the upstream default files, apart from adaptation related to packaging and directory layout? Which modules should be enabled by default?

BR,
Kaarle
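
The mismatch described in the message, a comment promising a restrictive default while the directives behind it are commented out, can be checked mechanically. The following is an added example, not part of the original message or of the Alpine package: the function name and both sample configurations are constructed here, and since the message does not say which lines were commented out, the sample assumes the access-control directives of the root <Directory /> block.

```python
import re

# Directives that make the root <Directory /> block restrictive; both the
# Apache 2.4 form and the older 2.2 form of the deny rule are recognised.
DENY = re.compile(r"(require\s+all\s+denied|deny\s+from\s+all)$", re.I)
OVERRIDE_NONE = re.compile(r"allowoverride\s+none$", re.I)
OPEN_ROOT = re.compile(r'<directory\s+"?/"?\s*>$', re.I)
CLOSE = re.compile(r"</directory\s*>$", re.I)

def audit_root_directory(conf_text):
    """Report which restrictive directives are active in <Directory />."""
    result = {"block_found": False, "deny_active": False,
              "override_none_active": False, "commented_out": []}
    in_root = False
    for raw in conf_text.splitlines():
        line = raw.strip()
        commented = line.startswith("#")
        body = line.lstrip("#").strip()  # directive text without comment marker
        if not in_root:
            if not commented and OPEN_ROOT.match(line):
                in_root = result["block_found"] = True
        elif not commented and CLOSE.match(line):
            in_root = False
        elif DENY.match(body) or OVERRIDE_NONE.match(body):
            if commented:
                result["commented_out"].append(body)
            elif DENY.match(body):
                result["deny_active"] = True
            else:
                result["override_none_active"] = True
    return result

# Constructed sample: the message does not say which lines were commented out.
CONSTRUCTED_PERMISSIVE = """\
# First, we configure the "default" to be a very restrictive set of
# features.
<Directory />
    Options FollowSymLinks
    #AllowOverride None
    #Require all denied
</Directory>
"""
# The same block with the restrictive directives active.
CONSTRUCTED_RESTRICTIVE = CONSTRUCTED_PERMISSIVE.replace("#A", "A").replace("#R", "R")

if __name__ == "__main__":
    for name in ("CONSTRUCTED_PERMISSIVE", "CONSTRUCTED_RESTRICTIVE"):
        print(name, audit_root_directory(globals()[name]))
```

The check reads a single file and does not follow Include directives, so a deny rule supplied by an included file is not seen.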