On 8/22/06, Jignesh Badani <jbadani@xxxxxxxx> wrote:
Thanks Nick, it makes sense. So can I assume that the Apache group is fine with its user base using 3rd party mod_security and that they do not plan to develop something similar ? The reason I am confused is I see Ryan Barnett as Team Lead for "Internet Security Apache Benchmark Project" and he talks/writes a lot about mod_security.
I think you are referring to the "Center for Internet Security Apache Benchmark Project". Note that the Center for Internet Security is not affiliated in any way with the Apache Software Foundation, the makers of the Apache HTTP Server. The developers of the Apache HTTP Server are, however, VERY happy to have third parties develop and release modules for the server. The one issue to consider with mod_security is that (unless you pay for it) it is GPL licensed. Depending on who you ask, linking GPL and Apache-licensed code may or may not be legal. If it is legal, the result is almost surely GPL licensed. This isn't likely a problem for an end-user of mod_security, but would be a big issue if you wanted to redistribute Apache httpd with mod_security. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|