On 03/09/2010 05:19 PM, Graham Dumpleton wrote:
On 10 March 2010 09:15, Josh Kayse<[email protected]> wrote:
On 03/09/2010 04:58 PM, Graham Dumpleton wrote:
On 10 March 2010 00:41, Josh<[email protected]> wrote:
On Mar 9, 1:11 am, Graham Dumpleton<[email protected]>
wrote:
Seems that because RHEL ships an old mod_python and/or one that is
linked statically with Python and not dynamically, and as such can't
be loaded at the same time as mod_wsgi reliably, that rather than fix
their broken mod_python or ship a newer version that doesn't have the
issue, that it was suggested that RHEL remove mod_wsgi as a package
instead. Luckily others have suggested not taking such action.
I don't see anyone suggesting that mod_wsgi be removed from EPEL. I
explicitly stated that I didn't think it should be pulled from EPEL at
all. RHEL does not control what packages are deployed in EPEL, it is
a separate entity and as such it is up to the drivers of EPEL to
determine what packages are in EPEL, not RHEL. For the record, RHEL5
ships with mod_python 3.2.8 dynamically linked.
Currently mod_wsgi is not distributed with RHEL though there is a bug
request to have it included in the base distribution [1]. As such, I
am working to deploy updated version of mod_wsgi to Fedora so that it
has the greatest chance of being included in RHEL6.
http://www.linux-archive.org/epel-development/338102-mod_wsgi.html
Shakes head. :-(
Graham
-josh
[1] https://bugzilla.redhat.com/show_bug.cgi?id=510323
Sorry, didn't word it very well. Rather than it being suggested by a
person, more that if the rules were applied rigorously that it should
be removed.
Overall I still find the RedHat situation a bit frustrating/maddening
at times. They persist with an ancient version of mod_python which is
known to have quite substantial/serious bugs in it and rather than
correctly identify that the real problem is mod_python, mod_wsgi is
instead seen as being in conflict when it is mod_wsgi which is
actually correctly implemented and that mod_python version which is
flawed. RedHat keeping that buggy mod_python versions is really not
doing anyone any favours. If it isn't going to be updated you should
just drop mod_python completely from the distribution.
All I can say is that I really hope that RedHat incorporated into that
ancient version of mod_python the security fix described in:
http://www.modpython.org/3.1.4.html
If it hasn't then you are opening up users of that mod_python package
to exploits which could steal sensitive information from their
applications.
Graham
Assuming that problems applicable to 3.1 are not applicable to 3.2, then
yes, it has been fixed.
Crap, really don't have my head on straight today. Thought for a
moment that that issue occurred in early 3.2 versions.
A: No.
Q: Should I include quotations after my reply?
Don't top post: see http://www.caliburn.nl/topposting.html for more.
I am lazy sometimes when posts get long and just want the message to
be seen. :-)
Graham
It's ok, thanks to your bug response I fixed my test case and wsgi 3.1
and python 3.2.8 ARE working nicely together. I'm going to check with
EPEL to make sure updating to 3.1 won't be a problem and then I will
build the new mod_wsgi. Would you recommend I skip 3.1 and go to 3.2?
-josh
--
A: No.
Q: Should I include quotations after my reply?
Don't top post: see http://www.caliburn.nl/topposting.html for more.
--
You received this message because you are subscribed to the Google Groups
"modwsgi" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/modwsgi?hl=en.
