[Info-vax] Apache log rotation
Paul Sture
paul.nospam at sture.ch
Sun Aug 12 08:19:38 EDT 2012
On Sun, 12 Aug 2012 10:46:17 +0000, Simon Clubley wrote:
> On 2012-08-12, Paul Sture <paul.nospam at sture.ch> wrote:
>> On Sat, 11 Aug 2012 12:31:48 -0500, Craig A. Berry wrote:
>>
>>> In article <k05jsh$cdd$1 at dont-email.me>,
>>> Stephen Hoffman <seaohveh at hoffmanlabs.invalid> wrote:
>>>
>>>> FWIW, the VMS Apache V2.2 port is 2.0.63, and that's two major
>>>> releases behind current Apache (2.4.2), so I wouldn't assume what
>>>> source code and icons is included in the VMS port aligns with current
>>>> Apache reality. Yes, the newest Apache 2.0.x version is 2.0.64; we
>>>> might see that one.
>>>
>>> And as far as I can tell SWS still has no patch for the killapache.pl
>>> exploit, which has its one-year anniversary in the next week or two.
>>
>> Going further back there was a documented problem with flushing the
>> logfile. It was stated at the time that this would be "fixed in a
>> future release" but I heard nothing more on the subject.
>>
>>
> Security issues remaining unfixed for over a year in VMS Apache is a
> common problem.
>
> At the time of the last Apache patch release, I noticed that a number of
> the security issues fixed had been discovered well over a year prior to
> the patch release and the odd one was several years old.
>
> I'm seriously glad I moved off VMS Apache to Linux Apache many years
> ago.
> For website applications, VMS (when in use) is now just a data backend
> to various web front ends with data been served over a local LAN.
My reason for moving off VMS Apache was heat and noise in my home
office. I never compared electricity meter readings but I wouldn't be
surprised if the entry level package I started with cost me less than the
savings I made by not running my Alpha 24 hours a day. Yes, I upgraded
to a better package to get SSH access, but it's still not expensive.
Another problem I had with VMS Apache was that when I enabled https it
was unacceptably slow. I may have been overambitious with the key length
there, but it really was painful to watch.
--
Paul Sture
More information about the Info-vax
mailing list