httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Jagielski <>
Subject Re: As we contemplate what to fix, and how to roll out 2.4 and 3.0
Date Tue, 02 Oct 2007 14:33:29 GMT

On Oct 2, 2007, at 10:10 AM, Rich Bowen wrote:

> On Oct 2, 2007, at 08:24, Jim Jagielski wrote:
>> Well, we could do:
>>   o Apache 1.3 and 2.0 deprecated
> As part of the support community, I'd like to have this defined  
> pretty clearly.
> I presume it can't mean "no more bug fixes or security fixes." I  
> suppose it might mean "no more fixes after DD/MM/YYYY", but even  
> then, I can't imagine that we'll utterly disregard security  
> problems when millions of websites are running 1.3
> So what does it actually mean? And why would anybody take it  
> seriously?
> Those of us who do Apache httpd support have been saying, since  
> roughly 1999, you should get off of 1.3, but it has no teeth, and  
> people have their reasons, some of which are even well considered.
> So ... all that to say, if we're going to deprecate anything, we  
> need to define, very clearly, what exactly that means, and what  
> people can expect it to mean 2 years from now, 4 years, whatever.  
> Because when there's a big problem discovered, and we choose to  
> ignore it, "I told you so" isn't really going to look very good in  
> the trade rags.

My pref would be: No fixes at all after such-and-such a date.
Make 1.3 be sooner and give 2.0 an additional 6 months or so.
I really don't care what the date is, but we need to define
it and stick to it.

View raw message