apache 1.3.26?
Konstantin Riabitsev
yellowdog-general@lists.terrasoftsolutions.com
Mon Jun 24 13:59:01 2002
--=-TmmgLrpDrleUitwVmo64
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
On Mon, 2002-06-24 at 14:22, Paul J. Lucas wrote:
> > You don't really gain much by wanting 1.3.26.
>=20
> Except the recent security-hole fix. That's the entire point of
> that release.
Notably, I said "get an src.rpm from the updates tree" -- that version
has a back-ported fix for the vulnerability. Apart from this fix, there
is not much difference between running 1.3.24-24(with a patch for
chunks) vs a 1.3.26.
> > You can also try rebuilding apache-1.3.23-14 from the 7.3 updates -- it
> > should work just fine as well without the gotchas of trying to use an R=
PM
> > from some other distro or building things from source.
>=20
> There are no "gotcha's" in building from source. If somebody
> is a sysadmin and can't build Apache from source, s/he should
> be fired for being incompetent.
Terrific. Now imagine 100 servers running apache. What are you going to
do, compile from source on all of them? Or are you going to use a
pre-packaged version so you can upgrade them in a few minutes vs.
several hours?
I'm not sure which is more incompetent.
--=20
0> Konstantin ("Icon") Riabitsev
/ ) Duke University Physics Sysadmin
~ www.phy.duke.edu/~icon/pubkey.asc
--=-TmmgLrpDrleUitwVmo64
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iEYEABECAAYFAj0XelcACgkQlVxa81EWb4i/DQCg2KIa2+wYrKvpLkeLE4K+Vlyy
GWgAoLHrgdsIHUwdVpSzqNMsjnf59kxP
=2IVQ
-----END PGP SIGNATURE-----
--=-TmmgLrpDrleUitwVmo64--