You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by wr...@apache.org on 2018/03/13 20:34:36 UTC

svn commit: r25693 - in /release/httpd: docs/ patches/apply_to_2.2.0/ patches/apply_to_2.2.11/ patches/apply_to_2.2.14/ patches/apply_to_2.2.15/ patches/apply_to_2.2.19/ patches/apply_to_2.2.21/ patches/apply_to_2.2.32/ patches/apply_to_2.2.34/ patches...

Author: wrowe
Date: Tue Mar 13 20:34:36 2018
New Revision: 25693

Log:
Drop unsupported files from the distribution site.

These remain available from http://archive.apache.org/dist/httpd/


Removed:
    release/httpd/docs/apache-docs-1.3.23.pdf.zip
    release/httpd/docs/httpd-docs-2.0.65.de.chm
    release/httpd/docs/httpd-docs-2.0.65.de.war
    release/httpd/docs/httpd-docs-2.0.65.de.zip
    release/httpd/docs/httpd-docs-2.0.65.en.chm
    release/httpd/docs/httpd-docs-2.0.65.en.pdf
    release/httpd/docs/httpd-docs-2.0.65.en.war
    release/httpd/docs/httpd-docs-2.0.65.en.zip
    release/httpd/docs/httpd-docs-2.0.65.es.chm
    release/httpd/docs/httpd-docs-2.0.65.es.war
    release/httpd/docs/httpd-docs-2.0.65.es.zip
    release/httpd/docs/httpd-docs-2.0.65.fr.war
    release/httpd/docs/httpd-docs-2.0.65.fr.zip
    release/httpd/docs/httpd-docs-2.0.65.ja.chm
    release/httpd/docs/httpd-docs-2.0.65.ja.war
    release/httpd/docs/httpd-docs-2.0.65.ja.zip
    release/httpd/docs/httpd-docs-2.0.65.ko.chm
    release/httpd/docs/httpd-docs-2.0.65.ko.war
    release/httpd/docs/httpd-docs-2.0.65.ko.zip
    release/httpd/docs/httpd-docs-2.0.65.ru.war
    release/httpd/docs/httpd-docs-2.0.65.ru.zip
    release/httpd/docs/httpd-docs-2.0.65.tr.chm
    release/httpd/docs/httpd-docs-2.0.65.tr.war
    release/httpd/docs/httpd-docs-2.0.65.tr.zip
    release/httpd/docs/httpd-docs-2.2.32.de.chm
    release/httpd/docs/httpd-docs-2.2.32.de.war
    release/httpd/docs/httpd-docs-2.2.32.de.zip
    release/httpd/docs/httpd-docs-2.2.32.en.chm
    release/httpd/docs/httpd-docs-2.2.32.en.pdf
    release/httpd/docs/httpd-docs-2.2.32.en.war
    release/httpd/docs/httpd-docs-2.2.32.en.zip
    release/httpd/docs/httpd-docs-2.2.32.es.chm
    release/httpd/docs/httpd-docs-2.2.32.es.war
    release/httpd/docs/httpd-docs-2.2.32.es.zip
    release/httpd/docs/httpd-docs-2.2.32.fr.war
    release/httpd/docs/httpd-docs-2.2.32.fr.zip
    release/httpd/docs/httpd-docs-2.2.32.ja.chm
    release/httpd/docs/httpd-docs-2.2.32.ja.war
    release/httpd/docs/httpd-docs-2.2.32.ja.zip
    release/httpd/docs/httpd-docs-2.2.32.ko.chm
    release/httpd/docs/httpd-docs-2.2.32.ko.war
    release/httpd/docs/httpd-docs-2.2.32.ko.zip
    release/httpd/docs/httpd-docs-2.2.32.pt-br.war
    release/httpd/docs/httpd-docs-2.2.32.pt-br.zip
    release/httpd/docs/httpd-docs-2.2.32.tr.chm
    release/httpd/docs/httpd-docs-2.2.32.tr.war
    release/httpd/docs/httpd-docs-2.2.32.tr.zip
    release/httpd/docs/httpd-docs-2.2.32.zh-cn.chm
    release/httpd/docs/httpd-docs-2.2.32.zh-cn.war
    release/httpd/docs/httpd-docs-2.2.32.zh-cn.zip
    release/httpd/patches/apply_to_2.2.0/
    release/httpd/patches/apply_to_2.2.11/
    release/httpd/patches/apply_to_2.2.14/
    release/httpd/patches/apply_to_2.2.15/
    release/httpd/patches/apply_to_2.2.19/
    release/httpd/patches/apply_to_2.2.21/
    release/httpd/patches/apply_to_2.2.32/
    release/httpd/patches/apply_to_2.2.34/
    release/httpd/patches/apply_to_2.2.4/
    release/httpd/patches/apply_to_2.2.8/
    release/httpd/patches/apply_to_2.2.9/

Re: svn commit: r25693 - in /release/httpd: docs/ patches/apply_to_2.2.0/ patches/apply_to_2.2.11/ patches/apply_to_2.2.14/ patches/apply_to_2.2.15/ patches/apply_to_2.2.19/ patches/apply_to_2.2.21/ patches/apply_to_2.2.32/ patches/apply_to_2.2.34/ patches...

Posted by William A Rowe Jr <wr...@rowe-clan.net>.

My top-line comment and rational for adjusting things as I have;

We have no desire for users to obtain an unsupported ASF package.
We want users to obtain 2.4.32. We don't want them to patch their
antique flavors, we want them to obtain a supported flavor. We axe
the next-most recent version as soon as our site is updated and
refers to the current release, why not apply the same standard to
any out of date unsupported version minor?

Users running 2.2.x and earlier perhaps want to reference the docs.
We as devs want to reference historical docs (when did that change,
and when did we actually explain that change?!?) But nobody needs
a download of the historical docs, these are simply available over
the internet whenever someone wants to reference or cite them,
until they get around to upgrading.

Bottom line, the website facilitates the user to follow the guidance
we recommend, so anything on that site that assists them in going
against our guidance and better judgement probably doesn't belong.

Cheers,

Bill

On Tue, Mar 13, 2018 at 4:32 PM, William A Rowe Jr <wr...@rowe-clan.net> wrote:
> On Tue, Mar 13, 2018 at 3:53 PM, Yann Ylavic <yl...@gmail.com> wrote:
>> On Tue, Mar 13, 2018 at 9:34 PM,  <wr...@apache.org> wrote:
>>> Author: wrowe
>>> Date: Tue Mar 13 20:34:36 2018
>>> New Revision: 25693
>>>
>>> Log:
>>> Drop unsupported files from the distribution site.
>>>
>>> These remain available from http://archive.apache.org/dist/httpd/
>>>
>>>
>>> Removed:
>> []
>>>     release/httpd/patches/apply_to_2.2.34/
>>
>> Why? First this directory was not empty (IIRC), and I think it could
>> be used to provide security/bug patches for RIP 2.2, maybe some of us
>> still have to make legacy 2.2 work and can share.
>> It looked like the last place (with docs) to worth some/possible updates...
>
> Here's the issue, with publishing 2.2 patches + security errata on an
> ongoing basis.
>
> If we are publishing these ongoing as "advised", we are taking the
> responsibility to continue to offer that advise and recommendations
> for any patches we are aware of that mitigate vulnerabilities.
>
> As we decided a long while back (and reaffirmed in a recent poll)
> that we aren't actually referring back to 2.2.x sources when we
> evaluate and publish advise on CVE-2018-next... well, then it's
> actually irresponsible to publish the corresponding source tarball
> or cumulative patchset on an ongoing basis.
>
> That said, it wasn't deleted.
>
> https://archive.apache.org/dist/httpd/?P=httpd-2.2.34*
>
> is still available. If we decide not to continue publication of an
> unsupported package, why would the patches/ continue to reside
> where the source package cannot be found?
>
> As you can see, they are right alongside the current location of
> that package;
>
> https://archive.apache.org/dist/httpd/patches/apply_to_2.2.34/
>
> Additional thoughts?
>
> Cheers,
>
> Bill

Re: svn commit: r25693 - in /release/httpd: docs/ patches/apply_to_2.2.0/ patches/apply_to_2.2.11/ patches/apply_to_2.2.14/ patches/apply_to_2.2.15/ patches/apply_to_2.2.19/ patches/apply_to_2.2.21/ patches/apply_to_2.2.32/ patches/apply_to_2.2.34/ patches...

Posted by William A Rowe Jr <wr...@rowe-clan.net>.

On Tue, Mar 13, 2018 at 3:53 PM, Yann Ylavic <yl...@gmail.com> wrote:
> On Tue, Mar 13, 2018 at 9:34 PM,  <wr...@apache.org> wrote:
>> Author: wrowe
>> Date: Tue Mar 13 20:34:36 2018
>> New Revision: 25693
>>
>> Log:
>> Drop unsupported files from the distribution site.
>>
>> These remain available from http://archive.apache.org/dist/httpd/
>>
>>
>> Removed:
> []
>>     release/httpd/patches/apply_to_2.2.34/
>
> Why? First this directory was not empty (IIRC), and I think it could
> be used to provide security/bug patches for RIP 2.2, maybe some of us
> still have to make legacy 2.2 work and can share.
> It looked like the last place (with docs) to worth some/possible updates...

Here's the issue, with publishing 2.2 patches + security errata on an
ongoing basis.

If we are publishing these ongoing as "advised", we are taking the
responsibility to continue to offer that advise and recommendations
for any patches we are aware of that mitigate vulnerabilities.

As we decided a long while back (and reaffirmed in a recent poll)
that we aren't actually referring back to 2.2.x sources when we
evaluate and publish advise on CVE-2018-next... well, then it's
actually irresponsible to publish the corresponding source tarball
or cumulative patchset on an ongoing basis.

That said, it wasn't deleted.

https://archive.apache.org/dist/httpd/?P=httpd-2.2.34*

is still available. If we decide not to continue publication of an
unsupported package, why would the patches/ continue to reside
where the source package cannot be found?

As you can see, they are right alongside the current location of
that package;

https://archive.apache.org/dist/httpd/patches/apply_to_2.2.34/

Additional thoughts?

Cheers,

Bill

Re: svn commit: r25693 - in /release/httpd: docs/ patches/apply_to_2.2.0/ patches/apply_to_2.2.11/ patches/apply_to_2.2.14/ patches/apply_to_2.2.15/ patches/apply_to_2.2.19/ patches/apply_to_2.2.21/ patches/apply_to_2.2.32/ patches/apply_to_2.2.34/ patches...

Posted by Yann Ylavic <yl...@gmail.com>.

On Tue, Mar 13, 2018 at 9:34 PM,  <wr...@apache.org> wrote:
> Author: wrowe
> Date: Tue Mar 13 20:34:36 2018
> New Revision: 25693
>
> Log:
> Drop unsupported files from the distribution site.
>
> These remain available from http://archive.apache.org/dist/httpd/
>
>
> Removed:
[]
>     release/httpd/patches/apply_to_2.2.34/

Why? First this directory was not empty (IIRC), and I think it could
be used to provide security/bug patches for RIP 2.2, maybe some of us
still have to make legacy 2.2 work and can share.
It looked like the last place (with docs) to worth some/possible updates...