httpd-dev mailing list archives

From "Gregg L. Smith" <>
Subject Re: security patches and releases (was [VOTE] Release Apache httpd 2.4.0)
Date Tue, 17 Jan 2012 20:22:18 GMT
On 1/17/2012 11:56 AM, Eric Covener wrote:
>> I'd suggest that patches/apply_to_x.y.z/ is a clumsy notation.  It seems
>> more efficient to set these up as patches/CVE-yyyy-iiii/ with individual
>> files for actively (or semi-actively) maintained versions.  If there is
>> one patch which applies to 2.2.n < 2.2.17, and a second patch for 2.2.17
>> and higher, it would be easier to differentiate these all within one
>> directory.
> The current scheme has one benefit in that a responsible user on the
> latest release has a one-stop shop for "What do I need to add?".
> With the CVE as the directory, they'd have to start with some other
> resource/hint or browse through the descriptions/patches
2 cents.

I like the current way as well, know right where to look, do not have to
read something first then dig through a bunch of CVE numbers. Somewhat
dyslexic people would be better served by the apply to vs. CVEs IMHO.
