httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <n...@webthing.com>
Subject Re: 2.2.9
Date Tue, 06 May 2008 22:45:25 GMT
On Tue, 6 May 2008 09:50:41 -0400
Jim Jagielski <jim@jaguNET.com> wrote:

>     2. Consensus on whether we ship with APR 1.2.x or 1.3.x...
>        My pref would be 1.3. 

-1.

The target audience for APR is tech-savvy: developers and
integrators.  HTTPD has a larger and more mixed audience.
I'd say that puts on us a greater burden of care, including
crucially a proper review of changes in 1.3, before
bundling it in a release version of HTTPD.

As an example of what I'm concerned about, I'd point to
the serious security issue I recently documented in
mod_dbd (trunk version of docs).  APR-UTIL 1.2 excludes
the dangerous driver; 1.3 includes it.

Can we enumerate other potentially-serious issues?

-- 
Nick Kew

Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/

Mime
View raw message