[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: whether to drop support for Apache 2.0 < 2.0.44

Chris et al,

I am wondering what people think of dropping support for Apache from
versions 2.0.0 through 2.0.43 as of LedgerSMB 1.3.  These versions
have a bug in them which we currently work around involving escaping
urls.  The bug was corrected in 2.1, 2.2, and 2.0.44.

In principle I think that is a sound move, from both the 'enforcing end user security' angle as well as from your own point of view: maintaining more code means more potential for bugs.

But if these updates are not readily available to users, I think we
should still support the older version.  Any feedback?

I think you may need to resort to democratic principles here: organise a vote :-). The only concern could be harm to people that for some reason have to run an 'older' distro like SLES 9 because of software they have on top (a typical example is OpenExchange), but I think even that distro has passed the 2.0.44 version of Apache2.

Back to the vote: you've got mine, not in the least because I haven't installed it yet (wide grin). That may change as early as next week, depends on how quickly I can set up an OpenSuSE 10.2 box.

/// P ///