www-mirrors mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jason andrade <ja...@dstc.edu.au>
Subject RE: cvs commit: site/xdocs/dev mirrors.xml
Date Wed, 27 Nov 2002 23:34:56 GMT
On Thu, 28 Nov 2002, Andrew Kenna wrote:

> With the point of people relying on binaries, I'm reffering to people
> that use up2date from redhat and assume that it will update their apache
> daemon.. It might but it only tags the version as 1.3.22 for instance..
> Or one other case I heard about in there was debian patching up 1.3.9..
>
> I've had this discussion with Joshua before, but I think if people are
> serious about having a quality mirror they should download the source
> code from apache.org or an apache mirror.. Compile it up and be done
> with it.

Andrew,

I can see your point of view on this and personally that is what we do,
but im my opinion it is simply not something that can be mandated, even
for apache mirrors, tier1, quality or whatever you call them.

It might be possible to state that apache mirror sites are required to
patch regularly and to ensure they are not compromised and if the mirror
group becomes aware of a server that is either compromised or in a position
to be, it will be removed from the mirror listings until it is fixed.

It isn't possible to mandate the mirror has to compile the server or
to be running a specific version unless there is functionality required
that is not available in previous versions.  The latter happened 3 or 4
years ago IIRC, where all of the mirrors needed to upgrade apache because
a rework of the mirror site needed some new feature - which was fair
enough.  Though i am certainly not looking forward to the day where we
all need to migrate to apache 2.X..


regards,

-jason


Mime
View raw message