Re: [mod-security-packagers] [mod-security-users] ModSecurity 2.5.10 Released
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-packagers] [mod-security-users] ModSecurity 2.5.10 Released
|
From: Brian R. <Bri...@br...> - 2009-09-28 08:52:55
|
yersinia wrote: > On Sun, Sep 27, 2009 at 12:51 AM, Alberto Gonzalez Iniesta > <ag...@in... <mailto:ag...@in...>> wrote: > > On Sat, Sep 26, 2009 at 11:10:11AM +0200, yersinia wrote: > > On Fri, Sep 25, 2009 at 9:29 PM, Brian Rectanus > <bre...@gm... <mailto:bre...@gm...>> wrote: > > > > > ModSecurity has always required Lua 5.1.x. Perhaps this version is > > > finding 5.0 by mistake instead of ignoring it? The --without-lua > > > configure option should help you. I'll look at adding a > version check > > > to the next release. > > > > > > Could be useful for ModSecurity, in order to improve the > portability, put > > in the tarball the corrected versions of lua, or pcre, .. and > decide to > > configure time (or with a switch to configure) whether to include the > > private version or link to the one on the system? this is what > rpm does for > > years. Are you interested in this development ? I have some > experience with > > autofu and portability issue, some perhaps i can help in trying but i > > preferer to ask first. > > Thanks > > I don't think that's a good idea. Having different versions of > lua/foobar around your system. The documentation should state which > software you need, and which versions are required, to build > Modsecurity. Creating a huge tarball with all the build dependencies is > plain ugly and will lead to confusions. > > Could increase the work of the developer, but also make it more free in > its choices, but largely simplify the end luser experience and extend > the platforms on which a product works. This is my experience, that > might not be worth much, and that of the maintainer of this project > http://rpm5.org/cvs/fileview?f=rpm/INSTALL&v=2.125 > <http://rpm5.org/cvs/fileview?f=rpm/INSTALL&v=2.125> > http://rpm5.org/cvs/chngview?cn=13173 > > But YMMV, as everyone else. > > Elia Lua is not required, so I don't want to package it. The docs clearly state Lua 5.1.x and that it is optional (http://modsecurity.org/documentation/modsecurity-apache/2.5.10/modsecurity2-apache-reference.html#installation). Also, as Alberto stated, I don't think any of the people putting ModSecurity into a distribution will want it either (they will build with the distribution's version). On top of that, I just don't think it very wise to distribute another libs's source as that means it becomes my responsibility to have to keep it up-to-date and I don't need the extra work. Nor do I want to have to release another ModSecurity package just because there is a flaw in one of the bundled libs. -B -- Brian Rectanus Breach Security |
