3rd party module move: nginx-openssl-version
Phil Pennock
nginx+phil.pennock at spodhuis.org
Tue Aug 13 19:14:18 UTC 2019
This is about a third-party module: nginx-openssl-version
and its sudden new home.
Back when HeartBleed struck, I wrote an nginx module to provide for
configuration to be able to specify a minimum acceptable version of the
OpenSSL library and turn non-matches into fatal configuration errors,
trading off availability for security. I know that a few people started
using it. It's not massively popular, but it is used.
My employer at the time was Apcera and the module was published under
their GitHub repo. Apcera was purchased a few years ago, and today the
new owner suddenly closed all non-fork GitHub repos without notice.
A few people have forks; the code has not seen updates, but only because
it _works_ and hasn't needed changes. I still routinely build nginx
using this module. If there are further changes needed, then I will
make my changes available under the same (MIT) license.
Since I wrote the code in the first place, I think that I can get away
with decreeing that my GitHub fork is now the canonical home.
https://github.com/PennockTech/nginx-openssl-version
Replace `--add-module` references:
old: github.com/apcera/nginx-openssl-version
new: github.com/PennockTech/nginx-openssl-version
I will submit a wiki PR shortly.
Thanks for reading,
-Phil
More information about the nginx
mailing list