RE: Web server with PHP setup & mod-ssl
From: Rosenstrauch, David (david.rosenstrauch_at_csfb.com)
Date: 01/29/04
- Previous message: Rodney D. Myers: "Fw: aespipe & encrypted cdroms, not working"
- Maybe in reply to: Danny O'Brien: "Web server with PHP setup & mod-ssl"
- Next in thread: Danny O'Brien: "Re: Web server with PHP setup & mod-ssl"
- Reply: Danny O'Brien: "Re: Web server with PHP setup & mod-ssl"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
To: debian-user@lists.debian.org Date: Thu, 29 Jan 2004 18:07:19 -0000
-----Original Message-----
From: Danny O'Brien [mailto:dannyo@steinrogan.com]
Sent: Thursday, January 29, 2004 12:19 PM
To: debian-user@lists.debian.org
Subject: Web server with PHP setup & mod-ssl
- does "apt-get upgrade" always provide the most secure versions? The reason
I ask is:
[Rosenstrauch, David]
Debian stable is considered the most secure. A distro isn't promoted from
testing to stable until it's been thoroughly tested. (See
http://www.debian.org/releases/ <http://www.debian.org/releases/> )
- Apache 1.3.26 seems ancient -- is this an OK version to run? I have executed
apt-get upgrade, and apt.conf is set for "stable."
[Rosenstrauch, David]
That said, the flip side of that is that there can be a *long* time between
releases in stable. The last major release of stable was on 19th of July,
2002.
So, yes, the version of Apache in stable is 1.3.26, which is older. But, as
the stable distro is considered the most stable, that's the one you should run
if you're most concerned about security. Although you certainly could upgrade
to the version from testing (1.3.29) if you'd like, you should be aware that
testing does not receive security updates in nearly as timely a fashion as
stable. (See http://www.debian.org/security/faq#testing
<http://www.debian.org/security/faq#testing> ) So that might be a bit on the
risky side for you, depending on how secure and mission-critical you need this
web server to be
- also, openssl is up to 0.9.6 "l" -- 0.9.6 "c" also seems ancient.
[Rosenstrauch, David]
Same answer as Apache.
- My previous build ran mod-ssl. However, there is no mod-ssl package in
Debian. Has anyone installed mod-ssl under Debian, or is there a better
program for this function?
TIA
- Danny O'Brien
[Rosenstrauch, David]
There's an apache-ssl package under Debian. Try "apt-get remove apache"
followed by "apt-get install apache-ssl".
HTH,
DR
==============================================================================
This message is for the sole use of the intended recipient. If you received
this message in error please delete it and notify us. If this message was
misdirected, CSFB does not waive any confidentiality or privilege. CSFB
retains and monitors electronic communications sent through its network.
Instructions transmitted over this system are not binding on CSFB until they
are confirmed by us. Message transmission is not guaranteed to be secure.
==============================================================================
-- To UNSUBSCRIBE, email to debian-user-request@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
- Previous message: Rodney D. Myers: "Fw: aespipe & encrypted cdroms, not working"
- Maybe in reply to: Danny O'Brien: "Web server with PHP setup & mod-ssl"
- Next in thread: Danny O'Brien: "Re: Web server with PHP setup & mod-ssl"
- Reply: Danny O'Brien: "Re: Web server with PHP setup & mod-ssl"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
