Request for review / approval: mod_security.

Sat Jul 9 09:48:00 UTC 2005

On Sat, 9 Jul 2005 11:06:54 +0200. Oliver Falk waffled thusly:

> Michael Fleming wrote:
> > On Fri, 08 Jul 2005 16:20:01 +0200. Oliver Falk waffled thusly:
> [ ... ]
> > > On 07/08/2005 03:56 PM, Michael Fleming wrote:
> > > > Hi folks,

< mod_security needs approval :-) >

> > >   - Why does the new package not depend on http(/-devel) >= 
> > > 2.0.38, as the old package in CVS does?
> > 
> > I'm a little torn on this one - httpd-devel is indeed needed 
> > (and is listed in the BR unless my brain has completely gone 
> > to mush) but the explicit version I could probably drop.
> > 
> > There are some packages out there that are actually httpd 
> > 1.3.x branch (for old-schoolers who just don't want to 
> > upgrade to Apache 2 yet. Each to their own I guess) and the 
> > version check would stop attempts to use it resulting in 
> > their Apache 1.3 install blowing up on them.
> 
> But old apaches, are called apache (do provide webserver, but not 'httpd'
> and not 'httpd-devel') and your package will not work this way... Believe
> me, I'm running 1.3 apache installs. :-) So for compatibility reasons,
> it's useless. Also FC/FE doesn't have apache 1.3.x packages...

True. I'm thinking of potential third-party packagers who do (yeah, I've
seen at least one case of a "httpd-1.3.x" out there..), and whose repos
users might mix FE with (I've also seen a couple of instances of users
trying a "one with everything" yum.repos.d setup - can we have a "train
wreck" waiting to happen folks?)

OTOH they can learn from the experience, if they get it to install
anyway :-)

> > On the other hand if they're particular enough to downgrade 
> > it they can pay attention to the version this package is 
> > actually intended for.
> 
> However, if you like to drop the explicit version dependency, that's OK.

I've already done this :-)

> > > Best,
> > >   Oliver
> > 
> > Updated SRPM
> > http://www.enlartenment.com/extras/mod_security/mod_security-1
> > .8.7-3.src.rpm
> > 
> > I do have a CVS branch in -devel for this, I'll ensure it's 
> > synced so I don't confuse myself and others :-) (I'd 
> > requested review before but never got formal build approval)
> 
> There's no need for a 'build approval', you only need a cvs import
> approval, after the package is in CVS, you can - more or less - do what
> you want... :-)

I don't ever recall seeing or sending an APPROVED message for this one -
if the spec and build are OK can we arrange one, just to ensure all the
i's crossed and t's dotted? ;-) 

> Please don't forget to request CVSSync if you intend to build the package
> for other branches as well (others than the 'devel'):
> http://fedoraproject.org/wiki/Extras/CVSSyncNeeded

Will do (would like to get FC3 / FC4 branches once a devel branch install
succeeds )

> And if you havn't done yet, also request a bugzilla entry:
> http://fedoraproject.org/wiki/Extras/BugzillaAdmin

Again, will do. I've no doubt some folks will want some extra default rule
changes at some stage :-)

> >From my point, you've got the approval to import the new spec and request
> build! Even if this approval is not needed....

Already done (the exisiting version was a bit lacking, this one syncs with
what you've reviewed.)

> Best,
>  Oliver

Cheers,
Michael.

-- 
Michael Fleming <mfleming at enlartenment.com>
"Bother" said the Borg, "We've assimilated Pooh!"