apache 1.3.26?

[Paul J. Lucas]

On Mon, 24 Jun 2002, Stefan Jeglinski wrote:

> This is on a production server and I need this to be as clean an update as
> possible.

	Which is why I certainly wouldn't trust a production server's
	build or configration to anybody but me.

> I'm going to first put it offline to be overly safe,

	Good idea, but that's common practice for a production
	environment.

> but I don't have a lot of time to spend with it either.

	Are you getting paid to do this?

> Is it safe to assume that the config file with 1.3.12 (my current version)
> will just go?

	I certainly wouldn't.  Do you really want to risk problems with
	your production server?  Do you really want to have your boss
	chew you out or fire you if it screws up?

	For any production server I ever ran, I always took the few
	extra minutes to (visually) diff my current and the new config
	files.

> With the recent proof of exploit by Gobbles, the Apache Software 
> Foundation now states that the risk is high. I'd have hoped for 
> comment from YellowDog on this by now...

	What's Yellow Dog got to do with anything?  They don't work on
	Apache.  They just copy a snapshot of it and throw it on their
	CD and sell it to you.

	- Paul