On 10 March 2010 00:41, Josh <[email protected]> wrote: > On Mar 9, 1:11 am, Graham Dumpleton <[email protected]> > wrote: >> Seems that because RHEL ships an old mod_python and/or one that is >> linked statically with Python and not dynamically, and as such can't >> be loaded at the same time as mod_wsgi reliably, that rather than fix >> their broken mod_python or ship a newer version that doesn't have the >> issue, that it was suggested that RHEL remove mod_wsgi as a package >> instead. Luckily others have suggested not taking such action. >> > I don't see anyone suggesting that mod_wsgi be removed from EPEL. I > explicitly stated that I didn't think it should be pulled from EPEL at > all. RHEL does not control what packages are deployed in EPEL, it is > a separate entity and as such it is up to the drivers of EPEL to > determine what packages are in EPEL, not RHEL. For the record, RHEL5 > ships with mod_python 3.2.8 dynamically linked. > > Currently mod_wsgi is not distributed with RHEL though there is a bug > request to have it included in the base distribution [1]. As such, I > am working to deploy updated version of mod_wsgi to Fedora so that it > has the greatest chance of being included in RHEL6. > >> http://www.linux-archive.org/epel-development/338102-mod_wsgi.html >> >> Shakes head. :-( >> >> Graham > > -josh > > [1] https://bugzilla.redhat.com/show_bug.cgi?id=510323
Sorry, didn't word it very well. Rather than it being suggested by a person, more that if the rules were applied rigorously that it should be removed. Overall I still find the RedHat situation a bit frustrating/maddening at times. They persist with an ancient version of mod_python which is known to have quite substantial/serious bugs in it and rather than correctly identify that the real problem is mod_python, mod_wsgi is instead seen as being in conflict when it is mod_wsgi which is actually correctly implemented and that mod_python version which is flawed. RedHat keeping that buggy mod_python versions is really not doing anyone any favours. If it isn't going to be updated you should just drop mod_python completely from the distribution. All I can say is that I really hope that RedHat incorporated into that ancient version of mod_python the security fix described in: http://www.modpython.org/3.1.4.html If it hasn't then you are opening up users of that mod_python package to exploits which could steal sensitive information from their applications. Graham -- You received this message because you are subscribed to the Google Groups "modwsgi" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/modwsgi?hl=en.
