httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Covener <cove...@gmail.com>
Subject Re: Httpd security reveals
Date Tue, 03 Jan 2017 05:49:08 GMT
On Mon, Jan 2, 2017 at 11:48 PM, William A Rowe Jr <wrowe@rowe-clan.net> wrote:
> So, Jacob and I... He did most of the grunt work, I only pushed off the
> underlying premise... Have a very very long list of real and potential
> security patches.
>
> I am asking publicly of (often obstanant) httpd pmc folks, do we proceed
> without a 2.2 mitigation? Those in the know, already know.
>
> Happy to RM Wed a.m. if we have the votes.

Sorry, I totally missed that you had completed/proposed the backport
of the showstopper to 2.2.x. I should have reviewed it earlier but I
will work on it Tuesday.

My preference would be to proceed with the release once the current
showstopper is in, and not to wait for further mitigations or patches.
   I don't think undisclosed vulnerability fixes are imminent and we
have an important, disclosed CVE to ship.

-- 
Eric Covener
covener@gmail.com

Mime
View raw message