On 04/27/2016 12:30 AM, James Hogarth wrote:
*snip*
Unless you have a very specific requirement for a very bleeding edge
feature it's fundamentally a terrible idea to move away from the
distribution packages in something as exposed as a webserver ...
I use to believe that.
However I no longer.
First of all, advancements in TLS happen too quickly.
The RHEL philosophy of keeping API stability for as long as the release
is supported means you end up running old protocols and old cipher
suites and don't have the new protocols and cipher suites available.
That's a problem.
With respect to Apache and PHP -
There is a lot of benefit to HTTP/2 but you can't get that with the
stock Apache in RHEL / CentOS 7. You just can't.
The PHP in stock RHEL / CentOS is so old that web application developers
largely are not even using it anymore, resulting in some web
applications that just simply don't work unless you update the PHP to
something more modern.
It's a nice idealistic philosophy to want to keep the same versions and
backport security fixes and keep everything API compatible but in real
world practice, it makes your server stale.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
