Comment 1 for bug 1797897

Revision history for this message
Thomas Ward (teward) wrote :

I realized in IRC I failed to explain properly what happens here.

Related:
https://forum.nginx.org/read.php?29,270210,270213#msg-270213 and
http://mailman.nginx.org/pipermail/nginx-devel/2018-May/011119.html

IN a nut-shell, what --with-compat does is allow people who build NGINX dynamic modules against NGINX in a separate compilation to take their compiled .so modules and include them in the NGINX versions on Ubuntu on their local machine. It would allow someone who, say, built modsecurity for NGINX dynamically and separately to `include` the configuration to enable the modsecurity module for NGINX without having to recompile and install manually alongside it the entire NGINX binary and all the other modules.

From a Security perspective, the only concern would be that third-party modules could be built dynamically then included and activated in individual users' NGINX builds on their own systems. As that happens separately from the NGINX package in Ubuntu, any issues stemming from such inclusions are "End User Problems" and not directly related to the NGINX packages in Ubuntu.

This has some considerations before it gets inserted, as to whether we want users to be able to dynamically compile and include extra modules outside of the binaries we ship already.

However, this bug and the request was prompted thanks to an uptick in requests (10 over 2 days from 10 separate individuals) in my email to enable this functionality both for the PPAs and for Ubuntu.