On 2004-01-29, Danny O'Brien penned:
>
> I'm rebuilding a web server with a home-grown PHP site that allows
> users to log in securely, to view, upload, and download files. This is
> my first real foray into Debian.
>
> Here's the spec:
>
> Kernel    2.4.18-bf2.4
> Apache    1.3.26-0woo
> openssl   0.9.6c-2.wo
> postgres  7.2.1-2wood
> php       4.1.2-6wood
>
> My questions:
>
> - does "apt-get upgrade" always provide the most secure versions? The
> reason I ask is:
>
> - Apache 1.3.26 seems ancient -- is this an OK version to run? I have
> executed apt-get upgrade, and apt.conf is set for "stable."
>
> - also, openssl is up to 0.9.6 "l" -- 0.9.6 "c" also seems ancient.
>
> - My previous build ran mod-ssl. However, there is no mod-ssl package
> in Debian. Has anyone installed mod-ssl under Debian, or is there a
> better program for this function?
>
> TIA
>

First of all, I think you need to learn about debian versions. At any given time, there will be three debian distributions: stable, testing, and unstable. It sounds like you're running stable. Please read this link carefully:

http://www.debian.org/releases/

For production servers, most people would strongly encourage you to run stable, as it's been beaten on the most and hence has the fewest bugs. It *does* contain older versions of packages than do testing or unstable; however, the debian developers do apply security patches to these packages, so my understanding is that these older packages, through debian, should be as secure as anything you're likely to find -- but they may not be as featureful.

As you learn more about debian, you might look into pinning, backports, and other fun games.

--
monique
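
The reply's point, that stable keeps an old upstream version while security fixes arrive as new Debian revisions, can be checked against a package's Debian changelog. This is an added example, not part of either message; the changelog text, package name, versions and advisory ids in it are constructed placeholders.

```python
import re

# Entry header in a Debian changelog: "package (version) distribution; urgency=level"
HEADER = re.compile(r"^[a-z0-9][a-z0-9+.-]* \((?P<ver>[^)]+)\) (?P<dist>[^;]+);")
# Identifiers maintainers cite for security fixes (CAN- is the older candidate form of CVE-)
ADVISORY = re.compile(r"\b(?:CVE|CAN)-\d{4}-\d{4,}\b")

# Constructed sample: package name, versions, ids and maintainer are placeholders.
SAMPLE = """\
examplepkg (1.3.26-0example3) stable-security; urgency=high

  * Backport fix for a buffer overflow (CAN-0000-0002).
  * Backport fix for a log injection issue (CAN-0000-0003).

 -- Example Maintainer <maint@example.org>  Thu, 01 Jan 2004 00:00:00 +0000

examplepkg (1.3.26-0example2) stable; urgency=low

  * Correct a typo in the package description.

 -- Example Maintainer <maint@example.org>  Wed, 01 Jan 2003 00:00:00 +0000

examplepkg (1.3.26-0example1) stable-security; urgency=high

  * Backport fix for a denial of service (CAN-0000-0001).

 -- Example Maintainer <maint@example.org>  Tue, 01 Jan 2002 00:00:00 +0000
"""

def upstream_version(version):
    """Drop the optional 'epoch:' prefix and the Debian revision after the last '-'."""
    no_epoch = version.split(":", 1)[-1]
    return no_epoch.rsplit("-", 1)[0] if "-" in no_epoch else no_epoch

def security_entries(changelog_text):
    """Return [(version, distribution, [ids])] for entries citing a CVE/CAN id."""
    entries = []
    for line in changelog_text.splitlines():
        header = HEADER.match(line)
        if header:
            entries.append((header["ver"], header["dist"].strip(), []))
        elif entries and line.startswith("  "):  # change lines are indented two spaces
            ids = entries[-1][2]
            ids.extend(i for i in ADVISORY.findall(line) if i not in ids)
    return [e for e in entries if e[2]]

if __name__ == "__main__":
    # On a real system the text comes from /usr/share/doc/<package>/changelog.Debian.gz
    for ver, dist, ids in security_entries(SAMPLE):
        print(f"{ver} (upstream {upstream_version(ver)}, {dist}): {', '.join(ids)}")
```

Every entry it reports has the same upstream version; only the Debian revision after the last hyphen changes as fixes are backported.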