httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From (Robert S. Thau)
Subject Re: Closing file descriptors...
Date Thu, 27 Apr 1995 14:40:50 GMT
   From: (Elizabeth Frank)
   Date: Thu, 27 Apr 1995 10:14:59 -0500

   One final note on R1.3 - It is becoming an increasing burden to
   support and proof it against attacks.  The plan is to cease making
   it (and all previous versions) available one month after 1.4 is
   released.  Is this going  to cause problems for the Apache group?

We all have copies ;-).  The main issue for us concerning NCSA
handling of the 1.3 code has always been the question of legal title
(it would be nice if 1.3R+ had the legal notices in the source code,
to eliminate that ambiguity, but we can live with the status quo).

Incidentally, speaking of the burden of supporting 1.3... Now that the
/foo.cgi/ security hole is public knowledge (viz. recent posts on
comp.infosystems.www.servers.unix), you might want to release a
non-beta server which fixes that problem (either 1.4 final or another
spin on 1.3 --- but there ought to be something).

Anyway, thanks for asking...


View raw message