httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Plüm, Rüdiger, VF-Group" <ruediger.pl...@vodafone.com>
Subject RE: [VOTE] httpd-2.2.20 tarballs
Date Wed, 31 Aug 2011 08:38:50 GMT
 

> -----Original Message-----
> From: William A. Rowe Jr. [mailto:wrowe@rowe-clan.net] 
> Sent: Mittwoch, 31. August 2011 04:47
> To: dev@httpd.apache.org
> Subject: Re: [VOTE] httpd-2.2.20 tarballs
> 
> On 8/29/2011 7:17 PM, Jim Jagielski wrote:
> > Are available on httpd.apache.org/dev
> > 
> > 	http://httpd.apache.org/dev/dist/
> > 
> > Vote on release as 2.2.20-GA
> 
> Autoconf bumped from 2.63 to 2.68, libtool from 1.5.26 to 2.4 between
> httpd-2.2.19 and 2.2.20 packages.
> 
> -1 as "the security release" as this defies the "minimal changes"
> principal which had obtained consensus.  I recognize that 
> this is beyond
> the minimum 24 hour window for voting (that you apparently ignored).
> But I would strongly oppose announcing this as /the/ solution 
> to the CVE,
> without also pointing to the security patch for 2.2 and 2.0 for those
> users who might encounter trouble building this package due 
> to the upgrade.
> 

Let's see where we head with the regression report Stefan mentioned.
If it is really something that needs fixing we should go for 2.2.21
and fix the above issues as well.

Regards

Rüdiger


Mime
View raw message