httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jacob Perkins <>
Subject Re: OpenSSL 0.9.8/1.0.0 on Trunk
Date Tue, 22 Dec 2015 05:30:37 GMT
Hi Eric,

I’m going to work on setting up a test system for all of our supported environments so that
we can test our platform quicker and provide feedback during the T&R period.

I’d love to try and give back to the project honestly. cPanel has used Apache in the core
of our webstack for at least 10 years so it would be great if we could provide some extra
eyes for testing releases, if not more.

Sorry if I came across a little… crass. It’s been a long day.
Jacob Perkins
Product Owner
cPanel Inc. <>
Office:  713-529-0800 x 4046
Cell:  713-560-8655

> On Dec 21, 2015, at 5:20 PM, Eric Covener <> wrote:
> On Mon, Dec 21, 2015 at 2:38 PM, Jacob Perkins <> wrote:
>> CentOS 5 still ships with OpenSSL 0.9.8, and is still supported for another
>> year or so. Considering there’s a lot of servers still running CentOS 5 (and
>> possibly older), it feels as if this would have been caught.
> Do you mean could or should have been caught?
> It wasn't caught until someone compiled it against openssl < 0.9.8m
> (which is not the latest 0.9.8).  I can't see many scenarios where someone
> will compile a new 2.4.x release and not have a contemporary openssl --
> beyond trying to catch exactly these kinds of problems during a release.
>> Especially something as small as a missing semicolon.
> Well, usually small problems are the ones that fly under the radar.    Anything
> catastrophic to the build will not go unnoticed, but someone has to build on the
> affected platform/compiler/prereqs/???.
>> Would a linter / compile check to proactively check those things help?
> Dunno, possible.

View raw message