Re: Backport request for Lghttpd 1.69 for Bullseye

To: Boyuan Yang <byang@debian.org>
Cc: Petri Riihikallio <petri.riihikallio@metis.fi>, team+lighttpd@tracker.debian.org, debian-backports@lists.debian.org
Subject: Re: Backport request for Lghttpd 1.69 for Bullseye
From: Glenn Strauss <gstrauss@gluelogic.com>
Date: Fri, 22 Sep 2023 14:39:39 -0400
Message-id: <ZQ3fa+/bjNkFVjYE@xps13>
In-reply-to: <[🔎] 001cfd2839cb8b4b20134fd72767c49c79ad0123.camel@debian.org>
References: <[🔎] CB7FCF60-27F5-474B-AF6D-D172CAAFCEC6@metis.fi> <[🔎] 001cfd2839cb8b4b20134fd72767c49c79ad0123.camel@debian.org>

On Fri, Sep 22, 2023 at 08:25:26AM -0400, Boyuan Yang wrote:
> Hi,
> 
> 在 2023-09-21星期四的 21:00 +0300，Petri Riihikallio写道：
> > Hello, I’ll go for this again.
> > 
> > I have a project with several thousand users upgrading to Bullseye (because of Java 11). They would benefit greatly from Lighttpd 1.64 or later because that is the first
> > version to log remote IP addresses to its error log for Fail2Ban. Version 1.69 is already available for Bookworm and testing. I don’t need any Lighttpd add-on packages.
> > 
> > Any help is greatly appreciated.
> 
> Forwarding your request to the current Debian lighttpd maintainers to see
> whether they are interested in such task. If anyone prepares a backported
> version for bullseye-backports (or bullseye-backports-sloppy), I will be
> happy to review and sponsor the upload.

I'll be happy to put together a backport in a week or so (the first week
of October) as I am currently in the midst of preparing to release
lighttpd 1.4.72.

Boyuan: thank you for the offer to sponsor.  I'll take you up on it in
early Oct.  If you're willing to sponsor bullseye-backports-sloppy, then
I'll backport 1.4.72 about a month after the 1.4.72 release, and may do
the same for buster-backports-sloppy.

Petri: the lighttpd codebase is very, very portable and if you want to
test in the meantime, you should just be able to take the source from
https://salsa.debian.org/debian/lighttpd/ and dpkg-buildpackage on
Bullseye.  While some older, lesser used modules have been deprecated
and removed, I doubt too many people are affected, so the lighttpd
package should "just work" for most people on older Debian releases.

I recommend reviewing the upstream release notes for each lighttpd
version back to the ancient one you are running, and paying attention to
the Behavior Changes section (if present) in each of the release notes:
  https://redmine.lighttpd.net/projects/lighttpd/news
(See "Previous version:" link near top of each release notes to get
 to older release notes.)

Behavior Changes are very often low impact, such as increasing the
security of the default cipher list used by the lighttpd TLS modules.

Cheers, Glenn
lighttpd developer

Reply to:

Follow-Ups:
- Re: Backport request for Lghttpd 1.69 for Bullseye
  - From: Boyuan Yang <byang@debian.org>

References:
- Backport request for Lghttpd 1.69 for Bullseye
  - From: Petri Riihikallio <petri.riihikallio@metis.fi>
- Re: Backport request for Lghttpd 1.69 for Bullseye
  - From: Boyuan Yang <byang@debian.org>

Prev by Date: Re: Backport request for Lghttpd 1.69 for Bullseye
Next by Date: Re: Backport request for Lghttpd 1.69 for Bullseye
Previous by thread: Re: Backport request for Lghttpd 1.69 for Bullseye
Next by thread: Re: Backport request for Lghttpd 1.69 for Bullseye
Index(es):
- Date
- Thread