On Thu, Jan 29, 2004 at 12:03:19PM -0500, Danny O'Brien wrote: > Here's the spec: > > Kernel2.4.18-bf2.4 > Apache1.3.26-0woo > openssl0.9.6c-2.wo > postgres7.2.1-2wood > php4.1.2-6wood > > My questions: > > - does "apt-get upgrade" always provide the most secure versions? The > reason I ask is: > > - Apache 1.3.26 seems ancient -- is this an OK version to run? I have > executed apt-get upgrade, and apt.conf is set for "stable." > > - also, openssl is up to 0.9.6 "l" -- 0.9.6 "c" also seems ancient.
We patch security problems in older versions in the stable suite rather than upgrading them wholesale. See: http://www.debian.org/security/faq#version You can look in /usr/share/doc/<package>/changelog.Debian.gz to find a record of these changes as applied. > - My previous build ran mod-ssl. However, there is no mod-ssl package > in Debian. Has anyone installed mod-ssl under Debian, or is there a > better program for this function? That's the libapache-mod-ssl package. Cheers, -- Colin Watson [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]