On 10 March 2010 09:15, Josh Kayse <[email protected]> wrote: > On 03/09/2010 04:58 PM, Graham Dumpleton wrote: >> >> On 10 March 2010 00:41, Josh<[email protected]> wrote: >> >>> >>> On Mar 9, 1:11 am, Graham Dumpleton<[email protected]> >>> wrote: >>> >>>> >>>> Seems that because RHEL ships an old mod_python and/or one that is >>>> linked statically with Python and not dynamically, and as such can't >>>> be loaded at the same time as mod_wsgi reliably, that rather than fix >>>> their broken mod_python or ship a newer version that doesn't have the >>>> issue, that it was suggested that RHEL remove mod_wsgi as a package >>>> instead. Luckily others have suggested not taking such action. >>>> >>>> >>> >>> I don't see anyone suggesting that mod_wsgi be removed from EPEL. I >>> explicitly stated that I didn't think it should be pulled from EPEL at >>> all. RHEL does not control what packages are deployed in EPEL, it is >>> a separate entity and as such it is up to the drivers of EPEL to >>> determine what packages are in EPEL, not RHEL. For the record, RHEL5 >>> ships with mod_python 3.2.8 dynamically linked. >>> >>> Currently mod_wsgi is not distributed with RHEL though there is a bug >>> request to have it included in the base distribution [1]. As such, I >>> am working to deploy updated version of mod_wsgi to Fedora so that it >>> has the greatest chance of being included in RHEL6. >>> >>> >>>> >>>> http://www.linux-archive.org/epel-development/338102-mod_wsgi.html >>>> >>>> Shakes head. :-( >>>> >>>> Graham >>>> >>> >>> -josh >>> >>> [1] https://bugzilla.redhat.com/show_bug.cgi?id=510323 >>> >> >> Sorry, didn't word it very well. Rather than it being suggested by a >> person, more that if the rules were applied rigorously that it should >> be removed. >> >> Overall I still find the RedHat situation a bit frustrating/maddening >> at times. They persist with an ancient version of mod_python which is >> known to have quite substantial/serious bugs in it and rather than >> correctly identify that the real problem is mod_python, mod_wsgi is >> instead seen as being in conflict when it is mod_wsgi which is >> actually correctly implemented and that mod_python version which is >> flawed. RedHat keeping that buggy mod_python versions is really not >> doing anyone any favours. If it isn't going to be updated you should >> just drop mod_python completely from the distribution. >> >> All I can say is that I really hope that RedHat incorporated into that >> ancient version of mod_python the security fix described in: >> >> http://www.modpython.org/3.1.4.html >> >> If it hasn't then you are opening up users of that mod_python package >> to exploits which could steal sensitive information from their >> applications. >> >> Graham >> >> > > Assuming that problems applicable to 3.1 are not applicable to 3.2, then > yes, it has been fixed.
Crap, really don't have my head on straight today. Thought for a moment that that issue occurred in early 3.2 versions. > A: No. > Q: Should I include quotations after my reply? > > Don't top post: see http://www.caliburn.nl/topposting.html for more. I am lazy sometimes when posts get long and just want the message to be seen. :-) Graham -- You received this message because you are subscribed to the Google Groups "modwsgi" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/modwsgi?hl=en.
