[wplug] Apache+ssl question

Bill bhalpin at collaborativefusion.com
Wed Feb 19 09:03:55 EST 2003 

I've seen a couple people respond to the original message that have
suggested getting the latest version, and then have gone on to talk
about version 1.3.x instead of 2.0.x.

Is there something up with Apache2 that I should be aware of?

I have it in production and it has worked great for me.

Just curious since the subject of Apache2 has been mysteriously missing
from the discussion...

-b

On Tue, 2003-02-18 at 21:29, Bob Schmertz wrote:
> Can you "upgrade" a package like Apache?  Well, sometimes "yes",
> sometimes "mostly yes".  If you were using a Linux distro with package
> management, like an RPM-based system (Red Hat, SuSE, Mandrake, et.al.)
> or Debian, then you could use the package manager to neatly replace your
> old Apache with the new one, taking out the old before sticking in the
> new.  Slackware, as I understand, has no such package management.
> 
> More to the point, if you're reading instructions on how to install
> Apache, more than likely they don't have graceful package management in
> mind; it's going to install where it wants, oblivious to any existing
> installations, and if that means overwriting your existing installation,
> the new Apache won't mind blowing away whatever it needs to to make room
> for itself :-)
> 
> To be on the safe side, I would recommend getting the latest 1.3.x
> version of Apache, and doing your best to follow the instructions, being
> careful to choose a different installation directory than the one your
> current Apache resides in.  You could do this by giving the $INSTALL_DIR
> variable (or whatever is there -- I don't have the install scripts in
> front of me) a unique directory like /usr/local/apache (assuming that
> doesn't already exist).  That way you don't have anything funky going on
> with overwritten installations (which -- someone correct me if I'm wrong
> -- really isn't likely to be a big problem actually), and if the
> instructions end up not working for that version of Apache, you can just
> delete that directory (or follow the instructions contained in the
> version you downloaded).
> 
> Latest versions are generally desired, and this is definitely true for
> the Apache 1.3.x series.  1.3.12 sounds positively ancient and probably
> has all sorts of well-known exploits.
> 
> On Mon, 2003-02-17 at 18:52, Arnaud Loos wrote:
> > Hello all. I have 2 Apache questions which may seem a bit foolish but
> > keep in mind I am a brand new linux user. I have before me installation
> > instructions for Apache-SSL which references apache_1.3.12+ssl_1.41 with
> > openssl-0.9.5a. I checked the websites and have found current versions
> > to be apache_1.3.27+ssl_1.48 and openssl-0.9.7. My first question is if
> > anyone would have a reason why to not use the most current versions. I
> > assume that the installation would be the same plus I would benefit from
> > the most current security fixes. I'm mostly concerned about stability
> > issues.
> > 
> > My second question is that the instructions I have assume no prior
> > Apache installation on the box. In fact, I will be installing on a
> > machine with a prior installation of Apache. Coming from the windows
> > mentality a new version should just update a prior version it finds on
> > the system. However, I would like to make sure that this will in fact
> > happen.
> > 
> > The system I am installing on is slackware 8.0.47.
> > 
> > Thanks for any help.
> > 
> > Arnaud-
> -- 
> Cheers,
> Bob Schmertz
> _______________________________________________
> wplug mailing list
> wplug at wplug.org
> http://www.wplug.org/mailman/listinfo/wplug

More information about the wplug mailing list