2010/3/9 Graham Dumpleton <[email protected]>: > On 10 March 2010 00:41, Josh <[email protected]> wrote: >> On Mar 9, 1:11 am, Graham Dumpleton <[email protected]> >> wrote: >>> Seems that because RHEL ships an old mod_python and/or one that is >>> linked statically with Python and not dynamically, and as such can't >>> be loaded at the same time as mod_wsgi reliably, that rather than fix >>> their broken mod_python or ship a newer version that doesn't have the >>> issue, that it was suggested that RHEL remove mod_wsgi as a package >>> instead. Luckily others have suggested not taking such action. >>> >> I don't see anyone suggesting that mod_wsgi be removed from EPEL. I >> explicitly stated that I didn't think it should be pulled from EPEL at >> all. RHEL does not control what packages are deployed in EPEL, it is >> a separate entity and as such it is up to the drivers of EPEL to >> determine what packages are in EPEL, not RHEL. For the record, RHEL5 >> ships with mod_python 3.2.8 dynamically linked. >> >> Currently mod_wsgi is not distributed with RHEL though there is a bug >> request to have it included in the base distribution [1]. As such, I >> am working to deploy updated version of mod_wsgi to Fedora so that it >> has the greatest chance of being included in RHEL6. >> >>> http://www.linux-archive.org/epel-development/338102-mod_wsgi.html >>> >>> Shakes head. :-( >>> >>> Graham >> >> -josh >> >> [1] https://bugzilla.redhat.com/show_bug.cgi?id=510323 > > Sorry, didn't word it very well. Rather than it being suggested by a > person, more that if the rules were applied rigorously that it should > be removed. > > Overall I still find the RedHat situation a bit frustrating/maddening > at times. They persist with an ancient version of mod_python which is > known to have quite substantial/serious bugs in it and rather than > correctly identify that the real problem is mod_python, mod_wsgi is > instead seen as being in conflict when it is mod_wsgi which is > actually correctly implemented and that mod_python version which is > flawed. RedHat keeping that buggy mod_python versions is really not > doing anyone any favours. If it isn't going to be updated you should > just drop mod_python completely from the distribution.
Yes. The best would be to swap mod_python and mod_wsgi places in both RHEL 6 and Fedora 13. Move mod_python from RHEL 6 to EPEL and mod_wsgi from EPEL to RHEL 6. Analogously include mod_wgsi in Fedora 13 and take mod_python out of it. Both are already in Everything. Regards, Clodoaldo > > All I can say is that I really hope that RedHat incorporated into that > ancient version of mod_python the security fix described in: > > http://www.modpython.org/3.1.4.html > > If it hasn't then you are opening up users of that mod_python package > to exploits which could steal sensitive information from their > applications. > > Graham > > -- > You received this message because you are subscribed to the Google Groups > "modwsgi" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/modwsgi?hl=en. > > -- You received this message because you are subscribed to the Google Groups "modwsgi" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/modwsgi?hl=en.
