httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <>
Subject Re: SSL and Usability and Safety
Date Wed, 03 May 2017 09:11:37 GMT
On 3 May 2017 at 09:03, Issac Goldstand <> wrote:
> What would work, in my eyes, if people are open to it, is treating the
> contents of these definitions/macros (and I'm all for the macros, just
> so that interested sysadmins can see *exactly* what the settings are on
> their setup) as apart from the httpd sources, and thus not subject to
> the normal release cycle.  To clarify,  I mean the httpd tarball release
> cycles specifically, not our policies for how we perform and vote on the
> releases (although we'd need to come to agreement on how to allow for
> quick releases in the face of security issues, so a 3 day vote followed
> by release may not work).  Instead, we could do something similar to the
> spamassassin project does with their base rules, where we have external
> tooling (or internal tooling, if it's preferred) fetch the up-to-date
> definitions from an ASF mirror server on a regular basis and override
> the local definitions.

FWIW, this seems like the right approach to me.

View raw message