Chris Travers wrote:
Hi all; I am wondering what people think of dropping support for Apache from versions 2.0.0 through 2.0.43 as of LedgerSMB 1.3. These versions have a bug in them which we currently work around involving escaping urls. The bug was corrected in 2.1, 2.2, and 2.0.44. My own preference is to assume that bugs fixed in a stable branch of software should be deemed fixed in our code as well. This helps encourage people to be up to date (within the stable branch) and therefore helps encourage better security. But if these updates are not readily available to users, I think we should still support the older version. Any feedback?
My view and 2c worth. I am quite a Debian fan (read bigot :) and I am aware that Debian often trails other distributions for package releases. Saying that, even Debian stable http://packages.debian.org/cgi-bin/search_packages.pl?keywords=apache&searchon=names&subword=1&version=stable&release=all has Apache 2.0.54 (and of course 1.3.33).
If a server is still running Apache < 2.0.44 I suspect that there may be more to worry about than just Apache. Could be a good prompt for people to look at their system.
As long as the dependency is made very CLEAR I think this is a good idea and if it helps clear out and make simpler the code, an even better idea.
W