httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Beverley <>
Subject Integrity of Apache source code
Date Mon, 17 Dec 2007 23:22:37 GMT

I hope that this is the correct mailing list for this question, and that you can
easily provide a quick response.

I am currently working within the UK Ministry of Defence, and am trying to get
Apache web server accredited as software able to be installed on one of our
defence networks. However, one of the barriers I am coming up against is the
argument that, because it is open source, that someone could contribute a Trojan
horse to the code and that the code could be included in the official product.

What I would like to know, so that I can dispel this, is what procedures are in
place to prevent this happening? I know that all downloads are digitally signed,
but what other procedures are in place? For example, how is code signed-off for
inclusion in production releases?

I am going to a meeting about this very shortly so would appreciate a prompt

Many thanks,

Andy Beverley

View raw message