httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <>
Subject Re: Knocking items off the plate, one by one
Date Fri, 09 Jun 2006 22:09:17 GMT
Sander Temme wrote:
> On Jun 9, 2006, at 12:57 PM, Mads Toftum wrote:
>> I don't really see much reason for having 2.0.x bins at all, but  keeping
>> old ones around is just asking for trouble imho.
> What trouble? Do we ever make any claims about our software beyond  "if 
> it breaks, you get to keep the pieces"? Source or otherwise?

Well, although I agree with Sander's assessment as far back as 2.0, I'm not
really fond of the argument to hang on to win32 1.3 specifically.  Unix?  If
one is packaged and doesn't have a vulnerability, sure.  Just make sure it's
not the first choice displayed for the user to pick from, shown anywhere.

And no, we don't warrentee the software.  But someone has to go through and
close worthless bug reports, triage #apache irc traffic, triage users@h.a.o
traffic.  Not saying this is you - or me even.  In fact that's why I asked,
because I figure the people who are kind enough to even both doing these
tasks are the ones to decide how long a stale source or binary package aught
to be hanging around.

As far as -this- list is concerned, I hope we are mostly excited for 2.e.x
stable and 2.o.x alpha and beta offerings that we are actually trying to
improve :)  Anyone dwelling heavily in "improving" 1.3 or 2.0 is really
saying to the list, "here's my pocket veto of what you did in the current
trunk".  Anyone dwelling on "fixing" 1.3 or 2.0 - just to keep it working,
well I think most of them fall in Sander's camp - alot of folks must have
some server that is running mod_slowvendor, and they can't yet make a move,
or worse, they don't have internal engineering resources to move mod_ourfoo
which some dev long gone customized at the company.

So nothing against fixing bugs or keeping a 2.0 around at least as long as
it takes us to make 2.4 happen, here.  I'm partial to making 1.3 win32
binaries go away, and I'm partial to making any inherently insecure binary
go away.  Beyond that <shrug/>.


View raw message