[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: whether to drop support for Apache 2.0 < 2.0.44

Subject: Re: whether to drop support for Apache 2.0 < 2.0.44
From: "Chris Travers" <..hidden..>
Date: Wed, 14 Mar 2007 17:13:17 -0700

First, Apache 1.3 will still be supported for the foreseable future.
So older distros could still fall back on even older packages.

Second, I would expect that in that case SuSE might have security
updates to a later 2.0.x.  The only exceptions might be people who are
unable to upgrade due to compatibilty issues (maybe they wrote
software that depends on bugs and don't know how to fix it?) but in
that case, I am perfectly confident in saying "run another web server
instance."

My viewpoint is that if it affected *all* 2.0.x versions, I would say
workaround it, but since it is supported in 2.0.44 and later,

Instead of a vote, I am looking for any objections that may amount to
a veto.  I.e. If there are valid objections, I would rather listen to
those before resorting to a vote and even then try to accomodate the
concerns.

Best Wishes,
Chris Travers

On 3/14/07, Peter Houppermans <..hidden..> wrote:

Chris et al,

> I am wondering what people think of dropping support for Apache from
> versions 2.0.0 through 2.0.43 as of LedgerSMB 1.3.  These versions
> have a bug in them which we currently work around involving escaping
> urls.  The bug was corrected in 2.1, 2.2, and 2.0.44.
>

In principle I think that is a sound move, from both the 'enforcing end
user security' angle as well as from your own point of view: maintaining
more code means more potential for bugs.

> But if these updates are not readily available to users, I think we
> should still support the older version.  Any feedback?
>

I think you may need to resort to democratic principles here: organise a
vote :-).  The only concern could be harm to people that for some reason
have to run an 'older' distro like SLES 9 because of software they have
on top (a typical example is OpenExchange), but I think even that distro
has passed the 2.0.44 version of Apache2.

Back to the vote: you've got mine, not in the least because I haven't
installed it yet (wide grin).  That may change as early as next week,
depends on how quickly I can set up an OpenSuSE 10.2 box.

/// P ///

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Ledger-smb-users mailing list
..hidden..
https://lists.sourceforge.net/lists/listinfo/ledger-smb-users

Follow-Ups:
- Re: whether to drop support for Apache 2.0 < 2.0.44
  - From: John Locke

References:
- Question whether to drop support for Apache 2.0 < 2.0.44
  - From: Chris Travers
- Re: whether to drop support for Apache 2.0 < 2.0.44
  - From: Peter Houppermans

Prev by Date: Re: Question whether to drop support for Apache 2.0 < 2.0.44
Next by Date: Sales tax on purchases
Previous by thread: Re: whether to drop support for Apache 2.0 < 2.0.44
Next by thread: Re: whether to drop support for Apache 2.0 < 2.0.44
Index(es):
- Date
- Thread