Roland Rosenfeld <rol...@debian.org> writes: > I observe the following warning in xymon package:
> W: xymon: apache2-deprecated-auth-config Allow > [etc/apache2/conf-available/xymon.conf:23] > N: > N: The package is using some of the deprecated authentication configuration > N: directives Order, Satisfy, Allow, Deny, <Limit> or <LimitExcept> > N: > N: These do not integrate well with the new authorization scheme of Apache > N: 2.4 and, in the case of <Limit> and <LimitExcept> have confusing > N: semantics. The configuration directives should be replaced with a > suitable > N: combination of <RequireAll>, <RequireAny>, Require all, Require local, > N: Require ip, and Require method. > N: > N: Alternatively, the offending lines can be wrapped between <IfModule > N: !mod_authz_core.c> ... </IfModule> or <IfVersion < 2.3> ... </IfVersion> > N: directives. > N: > N: Visibility: warning > N: Show-Always: no > N: Check: apache2 > But this xymon.conf already uses the mentioned > <IfModule !mod_authz_core.c> ... </IfModule> > wrapper: This is definitely a bug in that the tag doesn't match the tag description, but it may also be worth noting that Apache 2.4 was released in February of 2012 and Apache 2.2 has been officially end of life and entirely unsupported since July of 2017. I think one can make a good argument that both the Lintian tag description and xymon should just drop all support for Apache versions prior to 2.4. Hopefully no one is still running it, since it almost certainly has significant unfixed security vulnerabilities at this point. -- Russ Allbery (r...@debian.org) <https://www.eyrie.org/~eagle/>
