"The Apache 1.3 series is being actively maintained, and developed at
a leisurely pace, to maintain stability. Releases will be made to
address security issues, or after a comfortable number of bug fixes
or improvements have been made. Significantly new features are
unlikely to be added to 1.3 in preference to 2.0, although important
new features and enhancements will be seriously considered for
inclusion in 1.3." -- http://httpd.apache.org/download.cgi
The Apache 1.3 strain is still a very active project. The code is
much less complex than V2 and thus easier to debug/secure. If you
don't need all of the added bells & whistles in V2, then sticking
with 1.3 is a pretty decent idea. In fact, it's still actively
packaged with commercial solutions (including OS X/OS X Server 10.4).
One of the main advantages of OpenBSD is that it doesn't bundle a ton
of "features" with the OS. It's a very clean, lean, basic
installation that I can add the few things I need running on a
server. Compared to Red Hat Enterprise, OpenBSD is much easier to
manage/secure because of it's clean design.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of David B.
Sent: Monday, April 03, 2006 4:41 AM
To: misc@openbsd.org
Subject: 3.9 coming out
hi, I see 3.9 is getting ready to be released. Do you plan on
bundling
Apache2 with it? it would seem a logical thing to do, since the
Apache
version currently bundled with it seems to have problems.
I just lost my entire development box to a hack this week, right
through
smoothwall's DMZ. I had apache up, postgresql installed with the
mod_php
as
the middleware. All settings were default and the only port I had
open
was
80 through smoothwall. I even had all packets dropped that came from
asia,
south america and africa.
The point being, if you sell security as your market niche, you might
want
to make sure that, at least, Apache be up to date, and not a version
from 5
years ago where who knows how many hacks there are out there for it.
I don't mind rebuilding my development box from scratch because that's
why I
had it on the net like that anyway, simply to see how long it would
take
for
someone to crash it. It took less than a month - that's not very good
from
a default security viewpoint.
I'm assuming of course that Apache is the problem, as there are no
logs
or
anyway to tell what happened, but the hard drive started to make an
awful
screaching sound as the drive was apparently being forced to track the
heads
back and forth very quickly. The drive is fine, but apache and
postgresql
won't start, and the wtmp file was erased, so that when I did a 'last'
only
my most recent login came up.
Anyway, it would be nice if Apache 2 were available for 3.9
