apache 1.3.26?

[Konstantin Riabitsev]

--=-TmmgLrpDrleUitwVmo64
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Mon, 2002-06-24 at 14:22, Paul J. Lucas wrote:

> > You don't really gain much by wanting 1.3.26.
>=20
> 	Except the recent security-hole fix.  That's the entire point of
> 	that release.

Notably, I said "get an src.rpm from the updates tree" -- that version
has a back-ported fix for the vulnerability. Apart from this fix, there
is not much difference between running 1.3.24-24(with a patch for
chunks) vs a 1.3.26.

> > You can also try rebuilding apache-1.3.23-14 from the 7.3 updates -- it
> > should work just fine as well without the gotchas of trying to use an R=
PM
> > from some other distro or building things from source.
>=20
> 	There are no "gotcha's" in building from source.  If somebody
> 	is a sysadmin and can't build Apache from source, s/he should
> 	be fired for being incompetent.

Terrific. Now imagine 100 servers running apache. What are you going to
do, compile from source on all of them? Or are you going to use a
pre-packaged version so you can upgrade them in a few minutes vs.
several hours?

I'm not sure which is more incompetent.

--=20
 0>  Konstantin ("Icon") Riabitsev
/ )  Duke University Physics Sysadmin
 ~   www.phy.duke.edu/~icon/pubkey.asc

--=-TmmgLrpDrleUitwVmo64
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEABECAAYFAj0XelcACgkQlVxa81EWb4i/DQCg2KIa2+wYrKvpLkeLE4K+Vlyy
GWgAoLHrgdsIHUwdVpSzqNMsjnf59kxP
=2IVQ
-----END PGP SIGNATURE-----

--=-TmmgLrpDrleUitwVmo64--