www-mirrors mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Steve Mitchell <st...@mirrorcentral.com>
Subject Re: Mirror Update time
Date Thu, 24 Oct 2002 15:11:26 GMT
I would completely disagree.  Assuming that they are not vulnerable 
because of apache's version number is a bad assumption.

For instance, I'm running 1.3.23 patched to a particular level (not 
saying) that has eliminated all vulnerabilities currently offered.  My 
operating system maintainer provides these packages free of charge, and 
this process doesn't require me to upgrade constantly from minor version 
to minor version.  

I mirror a significant amount of Apache traffic, and I would hate to 
lose that as a result of a mis-informed choice.

Andrew Kenna wrote:

>Yes that correct, if no one has any major problems with that, the main reason why I think
people should be running at least 1.3.26.
>
>** Security holes exist in versions of apache older than 1.3.26
>** running a later version of apache offers more features
>
>Would you agree though that people who are running anything older than apache 1.3.23 should
be removed, as that gives me the impression they have either ceased employment from where
the mirror is maintained or they really don't care anymore.
>
>
>Andrew
>
>
>-----Original Message-----
>From: Steve Mitchell [mailto:steve@mirrorcentral.com]
>Sent: Thursday, 24 October 2002 2:51 PM
>To: mirrors@apache.org
>Subject: Re: Mirror Update time
>
>
>So you want to remove people that aren't running 1.3.26 or greater 
>because?  
>
>Andrew Kenna wrote:
>
>  
>
>>People, please follow the steps outlines on http://httpd.apache.org/
>>The following are mirrors that are no longer valid, meaning 1 of the following
>>
>>1) They are un-reachable
>>2) They do not contain the latest version of apache
>>3) They are running a version of apache pre-dating 1.3.26
>>
>>Does anyone have any problems with removing mirror sites that are running versions
of apache prior to 1.3.26 ? 
>>
>>If not, and if I don't hear anything from the guys(after waiting 1 week) that maintain
these web sites listed below they will all be removed from the official apache mirrors list.
>>
>>http://gd.tuwien.ac.at/infosys/servers/http/apache/dist/
>>http://www.fokus.gmd.de/apache/dist/httpd/
>>http://ftp.heanet.ie/mirrors/www.apache.org/dist/
>>http://apache.fresh.co.il/dist/
>>http://apache.happysize.co.jp/
>>http://mirror.nucba.ac.jp/mirror/apache/dist/ - Apache 1.3.14
>>http://elfas.kauko.lt/dist/ - Apache 1.3.23
>>http://myapache.i-ownur.info/
>>http://sunsite.icm.edu.pl/apache/dist/ - Apache 1.3.9
>>http://apache.chg.ru/dist/ - Apache 1.3.22
>>http://apache.en.com.sg/
>>http://apache.siol.net/dist/ - Apache 1.3.4( this guy wins the for oldest verion of
apache running on a mirror site)
>>http://noc.cvaix.com/mirrors/apache/
>>http://www.apache.inetcosmos.org/dist/ - Apache 1.3.19
>>http://apache.insync.za.net/ - Apache 1.3.22
>>http://apache.mirrorcentral.com/dist/ - Apache 1.3.23
>>http://apache.ttlhost.com/ - Apache 1.3.23
>>http://mirrors.ccs.neu.edu/Apache/dist/ - Apache 1.3.14
>> 
>>
>>    
>>
>
>  
>


Mime
View raw message