apache 1.3.26?
Paul J. Lucas
yellowdog-general@lists.terrasoftsolutions.com
Mon Jun 24 12:41:01 2002
On Mon, 24 Jun 2002, Stefan Jeglinski wrote:
> This is on a production server and I need this to be as clean an update as
> possible.
Which is why I certainly wouldn't trust a production server's
build or configration to anybody but me.
> I'm going to first put it offline to be overly safe,
Good idea, but that's common practice for a production
environment.
> but I don't have a lot of time to spend with it either.
Are you getting paid to do this?
> Is it safe to assume that the config file with 1.3.12 (my current version)
> will just go?
I certainly wouldn't. Do you really want to risk problems with
your production server? Do you really want to have your boss
chew you out or fire you if it screws up?
For any production server I ever ran, I always took the few
extra minutes to (visually) diff my current and the new config
files.
> With the recent proof of exploit by Gobbles, the Apache Software
> Foundation now states that the risk is high. I'd have hoped for
> comment from YellowDog on this by now...
What's Yellow Dog got to do with anything? They don't work on
Apache. They just copy a snapshot of it and throw it on their
CD and sell it to you.
- Paul