httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From r..@covalent.net
Subject Re: Flame bait: Apache-2.0 on Unix is almost unusable.
Date Fri, 26 Jan 2001 15:53:14 GMT

> > Since (I believe) we were on a 2.2 kernel at the time, and an
> > up-to-date glibc (for that time), I would prefer if Apache
> > didn't just assume that everybody has upgraded.
> 
>     If they did not upgrade, they are subject to many remote
>     attacks.  Those attacks can at least crash the whole system,
>     possibly allowing the attacker to take over the system.  I
>     think we should encourage people to use more recent software,
>     instead of continuing to support dangerous releases.  If
>     Apache 2.0 is installed on such a system and that system is
>     broken into, it might as well generate bad PR for Apache
>     (this happened recently to thttpd where compatibility was
>     rated higher than security).

IMHO, the apache group has no right to force somebody to upgrade their
OS.  There are many vulnerable platforms out there, and we can't take
responsability for forcing people to get off of them.

Ryan

_______________________________________________________________________________
Ryan Bloom                        	rbb@apache.org
406 29th St.
San Francisco, CA 94131
-------------------------------------------------------------------------------


Mime
View raw message