httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Covener <>
Subject Re: security patches and releases (was [VOTE] Release Apache httpd 2.4.0)
Date Tue, 17 Jan 2012 19:56:41 GMT
> I'd suggest that patches/apply_to_x.y.z/ is a clumsy notation.  It seems
> more efficient to set these up as patches/CVE-yyyy-iiii/ with individual
> files for actively (or semi-actively) maintained versions.  If there is
> one patch which applies to 2.2.n < 2.2.17, and a second patch for 2.2.17
> and higher, it would be easier to differentiate these all within one
> directory.

The current scheme has one benefit in that a responsible user on the
latest release has a one-stop shop for "What do I need to add?".

With the CVE as the directory, they'd have to start with some other
resource/hint or browse through the descriptions/patches.

View raw message