On 2025/01/21 09:26, Matthias Pitzl wrote:
> On 20.01.2025 - 20:53:24, Kirill A. Korinsky wrote:
> > On Mon, 20 Jan 2025 09:42:21 +0100,
> > Matthias Pitzl <pi...@genua.de> wrote:
> > >
> > > @@ -65,6 +68,7 @@ HOMEPAGE-geoip2= https://github.com/leev
> > > HOMEPAGE-headers_more=
> > > https://github.com/openresty/headers-more-nginx-module
> > > HOMEPAGE-ldap_auth= https://github.com/kvspb/nginx-auth-ldap
> > > HOMEPAGE-lua= https://github.com/openresty/lua-nginx-module
> > > +HOMEPAGE-modsecurity3=
> > > https://github.com/owasp-modsecurity/ModSecurity-nginx
> >
> > I'd like to add my two cents:
> > 1. ModSecurity is under Apache2, shall we update comment near
> > PERMIT_PACKAGE?

good point,

> I don't really know if this is required. The already existing naxsi module is
> under GPLv3, so why would it be a problem that ModSecurity3 is under Apache2
> license?

it's for information for users reading ports, and gives a clue to
maintainers about whether we're allowed to distribute it. looks like
this would be correct:

# nginx, cache_purge, geoip2, headers_more, ldap_auth, njs, rtmp: BSD-like
# passenger: MIT
# securelink: unlicense
# naxsi: GPLv3
# modsecurity: Apache2
PERMIT_PACKAGE=	Yes

> > 2. Why modsecurity3? Why not just modsecurity?
> Called it modsecurity3 because it is for libmodsecurity 3.x.
> Libmodsecurity 2.x is an Apache only implementation.

also a good point, you don't want to have to change FULLPKGPATH if
libmodsecurity 4.x is released. just using -modsecurity in MULTI_PACKAGES
and the variable suffixes would make sense.
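
Review bot: the added +HOMEPAGE-modsecurity3= line puts the libmodsecurity major version into the variable suffix, unlike the neighbouring HOMEPAGE-lua= and HOMEPAGE-ldap_auth= entries, which are named after the module alone. Naming it HOMEPAGE-modsecurity= would keep the suffix stable across library major versions. The visible hunk also makes no change to the license comment near PERMIT_PACKAGE, so the same patch should add a line there for the new module's license.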