On 11.02.19 10:29, Jan Wagner wrote: > Am 11.02.19 um 09:51 schrieb Sven Hartge:
>> Also I am a bit disappointed by you invoking the "the next release is >> near" argument. Most of my servers for example won't get Buster until >> early to mid 2020 and I think many of others are in the same boat. > just to point this out. You prefer an invasive backport and risk to > stability in other areas? The update policy of Debian in the past was, > that this should be avoided. No, I am disappointed in the "let's do nothing" stance. I can see why backporting the newer mpm_event is risky and that it should be avoided. I can also know that just throwing in a completely new Apache is something Debian does not do, I've been using Debian for the last 20 years because of exactly that guarantee, to not get surprised by mid-release major changes. But this bug has been encountered frequently enough (and is difficult to spot, if you don't exactly know what to search for) and with increasing adoption of SSL more and more people will hit it, that I think at least *some* action is warranted. Maybe better documentation to help people encountering this or maybe changing the default MPM for Stretch on new installs, since mpm_event in Stretch clearly is flawed and buggy with SSL. But just saying "Buster is release soon" can't be the right solution here. Stretch will likely be used for at least 3 more years before it is phased out, keeping a *known* bug with an easy workaround active for that long because of "we don't change Debian Stable *ever*" seems wrong to me. Grüße, Sven.
Description: OpenPGP digital signature