Posted to dev@httpd.apache.org by "William A. Rowe, Jr." <wr...@rowe-clan.net> on 2009/08/01 03:18:41 UTC

Aug project status to board

I've just been kindly reminded by Marvin that httpd is due to report
on the 17th.  Unfortunately, I won't be around the preceding week.

If folks could offer their input to the report (preferably in response
to this thread) I'll compile it all and recap the status on Sun 8/16.


Re: Aug project status to board

Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
Guenter Knauf wrote:
> William A. Rowe, Jr. wrote:
>> I may have mis-read Guenter's observations as a +1.
> was my fault that I didn't explicitly write a +1, but both your new
> Win32 distro as well as my NetWare one were fine as far as I tested them.

Right; but note that we never 'vote on binaries' - so your vote on building
and shipping for netware is noted, but the windows binary shouldn't be the
basis for approving a release, if you see what I'm suggesting.

But thank you, again, for your review of that Win32 distro.  Glad to finally
have shipping support for all of those db stubs :)  (All but gdbm, which
does appear to remain impossible, unless someone can point to an exception
statement from the gdbm maintainers).

Re: Aug project status to board

Posted by Guenter Knauf <fu...@apache.org>.
William A. Rowe, Jr. wrote:
> I may have mis-read Guenter's observations as a +1.
was my fault that I didn't explicitly write a +1, but both your new
Win32 distro as well as my NetWare one were fine as far as I tested them.

Günter.




Re: Aug project status to board

Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
Jim Jagielski wrote:
> 
> Also, 2.2.13 was released.... not sure why :)

There was significant input from httpd PMC members to declare this flaw
a vulnerability in the first place.  (I certainly don't feel this is an
APR vulnerability, but it was shown to conceivably lead to escalation of
severity of vulnerabilities in insecure software written by others.)
Given that httpd is deployed as often for third party modules from others
as it is for just the base httpd itself, it was prudent to react to this
flaw before exploits of third party modules were identified.

Refer to the lengthy Message-ID: <4A...@rowe-clan.net> thread
on security@httpd between Sander, Ruediger, Bojan, and myself on
security@httpd.apache.org (which occurred outside of public view prior
to any public discussion of the apr issue), in which the consensus was
that 2.2.12 could not be repackaged with a new apr library version.

Then refer to Ruediger's support for my suggestion for testing such a
replacement candidate, followed by the usual vote with +1's from
Ruediger, Eric, and myself, and nonbinding votes from Dan and Gregg.
I may have mis-read Guenter's observations as a +1.

So, I'm not sure why not :-)  What is the nature of your doubt?

Re: Aug project status to board

Posted by Jim Jagielski <ji...@jaguNET.com>.
On Aug 1, 2009, at 6:27 AM, Eric Covener wrote:

> On Sat, Aug 1, 2009 at 3:52 AM, Ruediger Pluem<rp...@apache.org> wrote:
>> * Releases
>>   - A bugfix and security release (2.2.12) of the stable 2.2.x branch on 07/23/2009
>
> 2.2.12 is the first release with SNI, which some people see as very significant.
>

Also, 2.2.13 was released.... not sure why :)

Re: Aug project status to board

Posted by Eric Covener <co...@gmail.com>.
On Sat, Aug 1, 2009 at 3:52 AM, Ruediger Pluem<rp...@apache.org> wrote:
> * Releases
>   - A bugfix and security release (2.2.12) of the stable 2.2.x branch on 07/23/2009

2.2.12 is the first release with SNI, which some people see as very significant.

-- 
Eric Covener
covener@gmail.com

Re: Aug project status to board

Posted by Ruediger Pluem <rp...@apache.org>.

On 08/01/2009 09:52 AM, Ruediger Pluem wrote:
> 
> On 08/01/2009 03:18 AM, William A. Rowe, Jr. wrote:
>> I've just been kindly reminded by Marvin that httpd is due to report
>> on the 17th.  Unfortunately, I won't be around the preceding week.
>>
>> If folks could offer their input to the report (preferably in response
>> to this thread) I'll compile it all and recap the status on Sun 8/16.
>>
>>
> 
> 
* Community
  - Added new committer Dan Poirier (poirier)
  - No changes to the PMC roster

* Releases
  - Two bugfix and security releases (2.2.12 / 2.2.13) of the stable 2.2.x branch on
    07/23/2009 and on 08/08/2009

* Board level issues
  None



Regards

Rüdiger

Re: Aug project status to board

Posted by Ruediger Pluem <rp...@apache.org>.

On 08/01/2009 03:18 AM, William A. Rowe, Jr. wrote:
> I've just been kindly reminded by Marvin that httpd is due to report
> on the 17th.  Unfortunately, I won't be around the preceding week.
> 
> If folks could offer their input to the report (preferably in response
> to this thread) I'll compile it all and recap the status on Sun 8/16.
> 
> 


* Community
  - Added new committer Dan Poirier (poirier)
  - No changes to the PMC roster

* Releases
   - A bugfix and security release (2.2.12) of the stable 2.2.x branch on 07/23/2009

Regards

Rüdiger

Re: Aug project status to board

Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
William A. Rowe, Jr. wrote:
> 
> If folks could offer their input to the report (preferably in response
> to this thread) I'll compile it all and recap the status on Sun 8/16.

Thanks to Ruediger, Eric and Jim for the feedback!