On 04/27/2016 12:30 AM, James Hogarth wrote: *snip*
Unless you have a very specific requirement for a very bleeding edge feature it's fundamentally a terrible idea to move away from the distribution packages in something as exposed as a webserver ...
I use to believe that.
However I no longer.
First of all, advancements in TLS happen too quickly.
The RHEL philosophy of keeping API stability for as long as the release is supported means you end up running old protocols and old cipher suites and don't have the new protocols and cipher suites available.
That's a problem.
With respect to Apache and PHP -
There is a lot of benefit to HTTP/2 but you can't get that with the stock Apache in RHEL / CentOS 7. You just can't.
The PHP in stock RHEL / CentOS is so old that web application developers largely are not even using it anymore, resulting in some web applications that just simply don't work unless you update the PHP to something more modern.
It's a nice idealistic philosophy to want to keep the same versions and backport security fixes and keep everything API compatible but in real world practice, it makes your server stale.