www-mirrors mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "myfriend.is.not.my.enemies.org" <ikmal_ah...@yahoo.com>
Subject Re: Mirror Update time
Date Thu, 24 Oct 2002 09:20:00 GMT

Actually Andrew concern is about security for all apache mirror.
I think this can seatle if every administrator/maintainer apply pathes for their Apache webserver.
 But how we know's which Apache have been patch or not.  I think that's why Andrew want to
do like that.
 
 Thom May <thom@positive-internet.com> wrote: * Andrew Kenna (andrewk@stamina.com.au)
wrote :
> People, please follow the steps outlines on http://httpd.apache.org/
> The following are mirrors that are no longer valid, meaning 1 of the following
> 
> 1) They are un-reachable
> 2) They do not contain the latest version of apache
> 3) They are running a version of apache pre-dating 1.3.26
> 
> Does anyone have any problems with removing mirror sites that are running versions of
apache prior to 1.3.26 ? 

Yes, this is bogus. Most OS distributions prefer to backport patches rather
than enforce an upgrade on their users. 
Debian's 2.2 release (the last but one, and still recieving updates) has a
fully patched 1.3.9 version in, which is as secure as 1.3.26.
So you're just causing admins extra work for no real reason.
-Thom


---------------------------------
Do you Yahoo!?
Y! Web Hosting - Let the expert host your web site
Mime
View raw message