www-mirrors mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Haesu <ha...@towardex.com>
Subject Re: Mirror Update time
Date Fri, 25 Oct 2002 00:22:43 GMT
Hello,
	I personally believe that everyone operating the mirror must run
at least 1.3.26 or above.. I mean it would be better if all the mirrors
are *totally secure* from any possibilities of exploits, rather than just
cutting corners with redhat rpm updates that fix the problem w/o upgrading
completely. Accepted, my opinion may not be 100% correct. But the reason
for anyone to operate an official mirror is to help apache foundation to
begin with, and I believe each mirror should be proactive in its
responsibilities, including security.

--HC


On Thu, 24 Oct 2002, myfriend.is.not.my.enemies.org wrote:

>
> Actually Andrew concern is about security for all apache mirror.
> I think this can seatle if every administrator/maintainer apply pathes for their Apache
webserver.  But how we know's which Apache have been patch or not.  I think that's why Andrew
want to do like that.
>
>  Thom May <thom@positive-internet.com> wrote: * Andrew Kenna (andrewk@stamina.com.au)
wrote :
> > People, please follow the steps outlines on http://httpd.apache.org/
> > The following are mirrors that are no longer valid, meaning 1 of the following
> >
> > 1) They are un-reachable
> > 2) They do not contain the latest version of apache
> > 3) They are running a version of apache pre-dating 1.3.26
> >
> > Does anyone have any problems with removing mirror sites that are running versions
of apache prior to 1.3.26 ?
>
> Yes, this is bogus. Most OS distributions prefer to backport patches rather
> than enforce an upgrade on their users.
> Debian's 2.2 release (the last but one, and still recieving updates) has a
> fully patched 1.3.9 version in, which is as secure as 1.3.26.
> So you're just causing admins extra work for no real reason.
> -Thom
>
>
> ---------------------------------
> Do you Yahoo!?
> Y! Web Hosting - Let the expert host your web site


Mime
View raw message