Discussion on NGINX and inclusion in Main
Thomas Ward
teward at ubuntu.com
Tue May 28 16:40:26 UTC 2013
Hello to the server mailing list!
Two meetings ago (that is to say, the meeting that was on May 21, 2013), I
brought up a brief discussion on nginx and a request that came up in a bug
to include it on the server images.
While the comment in question on the bug which merged 1.4.1 from Debian
into Saucy asked to change the default webserver from Apache to nginx, I
don't support that. However I might be inclined to support it as an
additional option in tasksel such as "NGINX web server" or similar.
We briefly discussed this during the meeting, and decided to move the
discussion, for the mean time, to the mailing list.
So, this is generally a discussion at this point, primarily on whether we
should consider its inclusion in main. The key issue as it stands is
whether it meets all the Main Inclusion Requirements [1]. One issue I know
was a problem in a past was the security coverage of the package.
According to the Security Team's tracker for nginx cves [2], there are
three open CVEs. I have already uploaded debdiffs for consideration for
CVE-2013-2070 [3] and am waiting on the community contact for the security
team to go through the debdiffs as attached to the Launchpad bug listed on
the security team tracker.
Note that I'm just the "unofficial adopter" of the nginx package in Ubuntu.
I do maintain, to some extent, the nginx team's PPAs, but those are based
solely on Debian and me merging in Upstream changes every few weeks. I
can't fix segfaults, or other code changes, I forward those to either
upstream or Debian.
If someone more well-versed in the inclusion process would like to start
looking through requirements and bringing up the key issues they see,
that'd be great, as I'm not well versed in the requirements, although I
have linked them. At this point, I'd like this to just be a general
discussion. I will comment as things come up, but for now I'm 50/50 split
on whether I'd like to see nginx included in main.
[1] https://wiki.ubuntu.com/UbuntuMainInclusionRequirements
[2] http://people.canonical.com/~ubuntu-security/cve/pkg/nginx.html
[3] http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-2070.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-server/attachments/20130528/daa5db72/attachment.html>
More information about the ubuntu-server
mailing list