httpd-dev mailing list archives

From Olaf van der Spek <>
Subject Re: svn commit: r885606 - /httpd/httpd/trunk/build/rpm/httpd.init
Date Tue, 01 Dec 2009 20:25:56 GMT
On Tue, Dec 1, 2009 at 9:03 PM, Gregg L. Smith <> wrote:
>> And what is passing for an excuse for a local PCRE install
>> these days probably doesn't look like 7.8 or later, with
>> various fixes we are vulnerable to.

Isn't that the responsibility of the distributor?

> This does not leave me with a warm and fuzzy feeling. As a user, is the pcre 8.0 I've
> built going to expose me to risks that your maintained 7.8 does not? If yes, then I'd prefer
> your maintained one. After all, who knows better than you what will interact with your code
> to produce problems. Regardless of merit, who will ultimately get blamed in the end? Could
> your reputation be tarnished? Can you completely divorce yourself from something your software
> requires to run?

The opposite might be true too, what about risks that have been
patched in the distribution but not in the one shipped by Apache?
IMO library duplication should be avoided as much as possible.

