On Wednesday 14 April 2010, Sandro Tosi wrote: > On Mon, Apr 5, 2010 at 10:54, Stefan Fritsch <[email protected]> wrote: > > - 2.2.15-2 still has some bugs in mod_reqtimeout, 2.2.15-3 would > > be better (but will take some time until it hits testing). > > so do you suggest to backport -3 instead of -2? we don't use > mod_reqtimeout so we are not impacted from those bugs (so we didn't > spot them).
mod_reqtimeout will be enabled on update, though (unless you changed that). The bugs are mostly relevant when using mod_proxy at the same time, but using apache2 as reverse proxy is a common configuration. > On Wed, Apr 14, 2010 at 07:58, Jan Wagner <[email protected]> wrote: > > On Monday 05 April 2010 10:54:54 Stefan Fritsch wrote: > >> - it is also possible to use an older openssl, this would just > >> mean that the new 'SSLInsecureRenegotiation' directive would not > >> be available (at least I believe that lenny's openssl already > >> has SNI support). Maybe it would be better not to force people > >> to update that core library. If you want to go with the older > >> openssl, just downgrade the build-depends in apache and mention > >> in the changelog that this removes SSLInsecureRenegotiation. > > > > Any news here? > > Well, in our configuration we need SSLInsecureRenegotiation, so I > need a more recent openssl. If it's a problem, I can leave > > Jan, are you testing the packages I provided? are you facing any > issues? The openssl from squeeze will disable insecure renegotiation by default and will cause problems for some people. For example, it breaks tor (IIRC). I am not too familiar with backports.org. Will packages built in backports always be built with the openssl from backports, or only if there is a built-dep that cannot be satisfied in the normal lenny? If the former, I am against backporting it. If the latter, people have the option to just not install it. I am CCing the openssl maintainer, in case he wants to add something. Cheers, Stefan -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
