Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Apache Software

Apache 1.3.32 Released 27

chipster writes "Apache 1.3.32 has been released. This version of Apache is principally a security and bug fix release. You can read about the new features here, and get Apache 1.3.32 here. Also available is the 1.3 ChangeLog. Additionally, to compliment this release of Apache, mod_ssl- 2.8.21-1.3.32 has also been released."
This discussion has been archived. No new comments can be posted.

Apache 1.3.32 Released

Comments Filter:
  • Is that the new, somewhat unfree, or the old free license?
  • Nice job, Chip. And you already have it packaged, don't you?

    BTW: First post?
  • ...apt-get update;apt-get upgrade folks ;) At least for the debian folk ;> Now, being a bit more serious, no careful sysadmin does that...right? Reading the changelog and making sure the release isnt broken in the respository is a good practice, at least, in the case of production servers. Its better to stay unprotected against some vulnerabilities for an hour or two then breaking your fine-tuned system. Especially since security should not start at application level.
    • ...apt-get update;apt-get upgrade folks ;) At least for the debian folk ;>

      Funny, those commands work just fine on my RedHat, Fedora, Aurora, and Yellow Dog boxen. Then again, I'm using apt4rpm [sourceforge.net].
      • Funny, those commands work just fine on my RedHat, Fedora, Aurora, and Yellow Dog boxen. Then again, I'm using apt4rpm. That's all very well, but on all the boxes I've seen with apt-get for rpm the repositories are somewhat devoid of packages, which kinda defeats the purpose of a package management system.
  • Lighttpd (Score:1, Offtopic)

    by Per Wigren ( 5315 )
    If you haven't done so yet, check out Lighttpd [kneschke.de]! An incredible fast and feature-rich yet minimalistic BSD-licensed webserver! My favourite part is that it runs PHP inside one or several minimal FastCGI-daemon(s) which can be placed on any host, so Lighttpd will act as a load-balancing frontend serving data from several hosts running only PHP (and no webserver at all)...
  • 1.3.37 (Score:5, Funny)

    by kagaku ( 774787 ) on Friday October 22, 2004 @12:20PM (#10599694)
    Not very long until 1.3.37!
  • What is the practical difference between Apache 1.3.# and Apache 2.0.#?

    1.3 ships with OS X (yes, I am one of those) and has always performed great. Plus, it is integrated in the operating system. I have always been curious about what advantages 2.0 might have and whether I should upgrade. I have installed it a couple of times, both from source and from binary but found it had to be executed from the shell. No big deal but the fact that I have not seen where anyone has integrated 2.0 into OS X's GUI we

    • by ttfkam ( 37064 ) on Friday October 22, 2004 @05:40PM (#10604467) Homepage Journal
      Some differences:
      1. mod_proxy has been completely rewritten so as to be fully compatible with HTTP/1.1
      2. caching has been removed from mod_proxy and made into its own module, mod_cache, with a couple of implementations available
      3. your choice of pre-fork (1.3.x model), single process/multiple threads, and various hybrids

      As a point of fact, OS X Server comes with Apache2 as well (check your /opt directory). It doesn't have a GUI interface though. I don't know why. Since the GUI only edits the 1.3.x config files and starts/stops the service, there is no technical reason why it couldn't be supported by the GUI. My guess is that Apple, just like any other company, has to pick and choose what it spends effort on. Opportunity costs and all that. They probably started development on the Admin GUI while 2.0.x was still relatively new and untested. At the time, supporting 1.3.x was a no-brainer.

      The web accelerator's tendency to redirect clients to port 16080 in some configurations is annoying though. It makes me wonder if Apache2 configured as a reverse proxy and using mod_cache would work just as well.

      As for your security concerns, switching to 2.0.x will not arbitrarily hand your bandwidth and personal files to everyone on the internet. File and Directory directives still apply.
  • There is absolutely no reason for a sane webmaster to use Apache 2.0.
    1.3 is fine, super-stable and most versions of 1.3 have the old Apache license. 2.0 is distributed under a new Apache license which cannot keep everyone happy. For example, Theo and his OpenBSD team decided to drop support for Apache in their OS.
    I have worked both with 1.3 and 2.0. 2.0 is modular and some people like it, but I think that monolithic programs are more stable and much more faster than modular ones.
    • Re:1.3 VS 2.0 (Score:5, Informative)

      by ttfkam ( 37064 ) on Friday October 22, 2004 @03:54PM (#10603314) Homepage Journal
      Where to begin...

      There is absolutely no reason for a sane webmaster to use Apache 2.0.

      1. HTTP 1.1 compliant mod_proxy
      2. Caching separated out from mod_proxy
      3. Faster flat file serving
      4. Content filtering
      5. Ability to match processing model to problem at hand (yes, some operating systems have fast threading libraries)
      6. New development done on this branch
      7. Better reuse of code and platform abstraction with APR

      Shall I go on? The proxy and cache improvements alone were worth the upgrade to me. As far as problems with PHP, the pre-fork processing module retains the advantages of 2.0.x while retaining the robustness of PHP on 1.3.x.

      There is absolutely no reason for a sane webmaster to use Apache 1.3.x on new installations unless they have an absolute showstopper incompatibility.

      That said, 1.3.32 has the newer Apache 2.0 license, not the old one. So here you have the choice of the new license or older versions with bugs and security flaws.

      Theo and his OpenBSD team have dropped support, it's true. Can you find the reason why? Is it because the FSF states that it isn't GPL compatible? No, that can't be it because the older license wasn't either. Could it be because of the patent termination clause -- if you put a patented algorithm in the code and sue someone over patent violation, you can no longer use Apache software? I never knew Theo and Co. to be in favor of protecting software patents in open source software. So why?

      I was able to find this comment from Theo: "We've been clear: Their new license contains more stuff, and we do not accept MORE STUFF in licenses."

      I'm sorry, that's a bullshit argument. Imagine if a group of lawmakers were writing code on the side to make their jobs easier, a group of professional programmers found a problem with the small program, submitted a patch, and the lawyers proclaimed, "We will not accept this new code patch because we lawyers can't understand it at first glance." It's the same thing here folks. If you want no legalese at all, you submit your code to the public domain and be done with it. Why do we have these licenses with legalese? Because the public domain isn't good enough in many regards. That's why the various open source and free software licenses exist. They are not present so that coders can sit back with a cup of tea by the fire reading them with enjoyment. They are formulated by a group of people working in the problem area in which they have specialized so that you and I don't have to reinvent the wheel badly. THIS IS THE SOLE REASON THE APACHE SOFTWARE FOUNDATION EXISTS!

      The day I want Theo acting as my legal advisor is the day that I want OJ's lawyers hacking my production kernel. That said, the Apache 2.0 license is NOT that hard to understand. As for Theo's charge of containing "more stuff", that's like saying v1.0 of the Linux kernel is automatically better than v2.6.9 because they've added "more stuff" to the newer version.

      I have worked both with 1.3 and 2.0. 2.0 is modular and some people like it, but I think that monolithic programs are more stable and much more faster than modular ones.

      As for the modular vs. monolithic tripe, what pray tell do you think 1.3.x is? See all those LoadModule directives in your httpd.conf file? Take away modules and Apache 1.3.x does NOTHING. What's that? You can compile modules in statically with 1.3.x? Guess what Einstein? You can also do it with 2.0.x. Apache 2.0.x is simply slightly more fine-grained modularity.

      Regarding the speed and stablility argument, I call bullshit. 2.0.x is faster than 1.3.x under every metric I have seen used from dynamic content generation to flat file serving. Hell! Even server-side include processing is faster in 2.0.x. As far as stability, where is your data? Neither goes down for me. Then again, when running PHP apps, I use the pre-fork module because so

      • I'm sorry, that's a bullshit argument

        it contains more unfree stuff in the license. that is the 'MORE STUFF' they will not accept into the tree
        • Re:1.3 VS 2.0 (Score:3, Interesting)

          by ttfkam ( 37064 )
          The old license (and the BSD license) only dealt with copyright, not patents. The Apache 2.0 license adds a patent clause.

          If you get into a patent war with the ASF, you can't use ASF code anymore. This is terribly unfree? Apparently we have differing views on what "free" is. Since a software developer needs a cadre of patent lawyers on their side with the way things are going on the software patent arena, I for one welcome the clause. It allows me the freedom to compete and participate in a field that
  • by jimjag ( 68949 ) on Friday October 22, 2004 @03:14PM (#10602778) Homepage
    Even though the 1.3.32 tarballs are available, it wasn't really officially released. The tarballs are placed there "early" so the mirrors can grab them and have them available before we release...
  • Apache 2 (Score:3, Insightful)

    by Goo.cc ( 687626 ) on Friday October 22, 2004 @10:57PM (#10606583)
    It seems like most people are sticking with Apache 1.3.x instead of migrating to Apache 2.x.

    I was wondering why this is. Is there something bad about the 2.x release, or are people simply sticking with what they know?
    • Re:Apache 2 (Score:1, Insightful)

      by Anonymous Coward
      It's more of a case of "why break what's not broken?". The only reason I have Apache2 installed right now is because of SVN.
    • Re:Apache 2 (Score:1, Insightful)

      by Anonymous Coward
      Could be because 1.3 does everything that could be expected from a web server, and if not - there are loads of modules.
    • Myself, I like thttpd more, but when I need to use Apache, I stich to 1.3.x as I'm not used to 2.x for dynamic modules, and also 2.x conflicts with some PHP DSOs.
    • Re:Apache 2 (Score:2, Informative)

      by neuroscr ( 132147 )
      Its the important modules: mod_ssl, mod_php, mod_perl, and various others are not all thread safe.
  • by Anonymous Coward

Do you suffer painful hallucination? -- Don Juan, cited by Carlos Casteneda

Working...