>FYI, I have a tentative build of 0.8.16, built according to these votes
>(barring *further* last-minute changes), in
>ftp://ftp.ai.mit.edu/pub/users/rst.
Sigh; we seem to have stalled again. Can you upload that as 0.8.16?
(At least that would make some progress.)
Outstanding problems:
1. // in paths
2. The #include file=xxx problem. Randy seems to have disappeared from this
list. If this problem is not fixed, then the compatibility notes will
need a big notice stating:
SECURITY Feature: Unlike NCSA httpd or Apache 0.6.5, Web admins concerned
about security (who would not set the FollowSymLinks option for example)
should be concerned about allowing server-side includes in any form. With
Apache 0.8, Options IncludesNOEXEC (and Options Includes) will allow users
to link in any file on the machine into their documents. NCSA httpd
(and Apache 0.6 and earlier) only allow the inclusion of files that
the client could access anyway.
David.
|