On 1/17/2012 10:26 AM, Graham Leggett wrote:
> 
> Take our opening site page at http://httpd.apache.org/, no mention of patches at all. Zoom in a little to the download page at http://httpd.apache.org/download.cgi#apache23, and still no mention of the patches directory. If our end users aren't alerted to the fact these patches exist, you can hardly expect our committers to.

I was curious too, so here's what I found across the whole site;

https://www.google.com/search?q="dist%2Fhttpd%2Fpatches"+site%3Ahttpd.apache.org&filter=0

Clearly, awareness of this area has steadily decreased.  Since our
docs team are partners in maintaining the site, these references have
obviously been deleted over time.  We all need to be aware of the same
publishing mechanism, and this one has fallen apart.

So it's a good time to work out what the right strategy is, seeing as
there is overwhelming support for 'somehow' publishing patches.

I'd suggest that patches/apply_to_x.y.z/ is a clumsy notation.  It seems
more efficient to set these up as patches/CVE-yyyy-iiii/ with individual
files for actively (or semi-actively) maintained versions.  If there is
one patch which applies to 2.2.n < 2.2.17, and a second patch for 2.2.17
and higher, it would be easier to differentiate these all within one
directory.

This suggestion precludes publishing 'other' patches.  Is there still a
role for 3rd party contrib or other unreleased patches that individuals
homes on people.a.o doesn't fulfill?


---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org