> Just an opinion.. > Lots of people trust you lot. Next time there is a security issue and > you do release 2.0.x, if there is a change/new functionality that is > beta, alpha or worse then that is extremely bad for a GA product. Start > the 2.1.x branch!
I'll state this a slightly different way. Apache 2.0.43 is officially released and running live sites. What if a security problem on the order of the chunked encoding bug is discovered in 2.0.43? We roll 2.0.44 with the fix. Problem solved, right? Wrong. Apache 2.0.43 users rightfully expect to be able to download the next release (2.0.44 with security fix, whatever) and not have to spend hours and hours tweaking source code, recompiling third party modules, figuring out where mod_auth went, figuring out why certain config directives no longer work, etc. Is that a fair statement? (I think so...) For the webserver hobbiest, these things are no big deal. I would speculate with confidence that most of the admins running the 60% of website that use Apache HTTPD are doing so as part of their employment. We owe it to the user community to let folks know if we endorse the use of Apache 2.0 in business sensitive roles. If we do not, then we need to explicitly say so. If we do, we need to provide a reasonable upgrade path for those users. Bill
