On 03/09/2010 04:58 PM, Graham Dumpleton wrote:
On 10 March 2010 00:41, Josh<[email protected]> wrote:
On Mar 9, 1:11 am, Graham Dumpleton<[email protected]>
wrote:
Seems that because RHEL ships an old mod_python and/or one that is
linked statically with Python and not dynamically, and as such can't
be loaded at the same time as mod_wsgi reliably, that rather than fix
their broken mod_python or ship a newer version that doesn't have the
issue, that it was suggested that RHEL remove mod_wsgi as a package
instead. Luckily others have suggested not taking such action.
I don't see anyone suggesting that mod_wsgi be removed from EPEL. I
explicitly stated that I didn't think it should be pulled from EPEL at
all. RHEL does not control what packages are deployed in EPEL, it is
a separate entity and as such it is up to the drivers of EPEL to
determine what packages are in EPEL, not RHEL. For the record, RHEL5
ships with mod_python 3.2.8 dynamically linked.
Currently mod_wsgi is not distributed with RHEL though there is a bug
request to have it included in the base distribution [1]. As such, I
am working to deploy updated version of mod_wsgi to Fedora so that it
has the greatest chance of being included in RHEL6.
http://www.linux-archive.org/epel-development/338102-mod_wsgi.html
Shakes head. :-(
Graham
-josh
[1] https://bugzilla.redhat.com/show_bug.cgi?id=510323
Sorry, didn't word it very well. Rather than it being suggested by a
person, more that if the rules were applied rigorously that it should
be removed.
Overall I still find the RedHat situation a bit frustrating/maddening
at times. They persist with an ancient version of mod_python which is
known to have quite substantial/serious bugs in it and rather than
correctly identify that the real problem is mod_python, mod_wsgi is
instead seen as being in conflict when it is mod_wsgi which is
actually correctly implemented and that mod_python version which is
flawed. RedHat keeping that buggy mod_python versions is really not
doing anyone any favours. If it isn't going to be updated you should
just drop mod_python completely from the distribution.
All I can say is that I really hope that RedHat incorporated into that
ancient version of mod_python the security fix described in:
http://www.modpython.org/3.1.4.html
If it hasn't then you are opening up users of that mod_python package
to exploits which could steal sensitive information from their
applications.
Graham
Assuming that problems applicable to 3.1 are not applicable to 3.2, then
yes, it has been fixed.
-josh
--
A: No.
Q: Should I include quotations after my reply?
Don't top post: see http://www.caliburn.nl/topposting.html for more.
--
You received this message because you are subscribed to the Google Groups
"modwsgi" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/modwsgi?hl=en.
