Delivered-To: mailing list dev@community.apache.org
From: William A Rowe Jr
Date: Wed, 20 Jul 2016 09:35:36 -0500
Subject: Re: Cross-project blog post?
To: ComDev
archived-at: Wed, 20 Jul 2016 14:35:51 -0000

On Wed, Jul 20, 2016 at 6:27 AM, Konstantin Kolinko wrote:

> 2016-07-20 12:37 GMT+03:00 Bertrand Delacretaz:
> > On Tue, Jul 19, 2016 at 8:02 PM, William A Rowe Jr wrote:
> >> What if we digest the audience and list the scope (different projects which
> >> are impacted/offering mitigations) in a more conversational tone, mention
> >> the httpoxy URL and just point the reader to
> >> https://www.apache.org/security/asf-httpoxy-response.txt for all the
> >> detailed workarounds we've offered?...
> >
> > That sounds good to me, here's a minimal suggestion that we might
> > publish at https://blogs.apache.org/foundation/ unless you want
> > something more complete.
> >
> > ***
> > Title: "httpoxy" CGI vulnerability response
> >
> > A group of ASF projects (HTTP, Tomcat, Traffic Server, Perl) has
> > analyzed the CGI application vulnerability recently published at
> > https://httpoxy.org/
> >
> > Their detailed analysis, targeted at Web server administrators and CGI
> > developers and including mitigation information, can be found at
> > https://www.apache.org/security/asf-httpoxy-response.txt
> > ***
> >
>
> I think that perl in list of ASF projects should be spelled "Perl (mod_perl)",
> to distinguish it from Perl programming language as a whole.
>
> Also HTTP in that list to be spelled "HTTP Server"
>

Good points, think we can go with your text plus these edits, Bertrand.

Thanks!

Bill