Before Dublin, I'd like to scratch several of my own itches to start with something of a 'blank page' and moving forward with new stuff, rather than our usual rehashes @ the hackathon.
Numero Uno is to permanantly remove apache 1.3.x from our live http://www.apache.org/dist/httpd/binaries/win32/ site, I have no interest in rolling 1.3.36 since it solves no apparent problems that 1.3.34 had, but moreso, httpd 2.0 is well over four years old. http://archives.apache.org/dist/httpd is always out there ;-) I simply have no reason to roll 1.3.x binaries as there is no sane reason for them to continue to be used on Windows. (As I've said before, on Unix I'm entirely neutral.) Please vote; [ ] Jettison apache/win 1.3 binaries to a footnote of history in archives [ ] Beg of Bill, "One more Round!" of 1.3.36 for old times sake [ ] Keep them available from www even if they are never updated again [ ] "I'm insane, I'll take over rolling 1.3, fill me in on the procedure Bill?" If jettisoned, I'll simply remove any 1.3 language from the page. There is already a note "Looking for older binaries? Please don't" which goes on to point out where they live for the sadists. That should cover it. Any other thoughts? Second verse, same as the first, we have some _old_ directories lingering in httpd/binaries/..., I will kill these today once I know for a fact they are mirrored already on archives.apache.org (I thought we had killed these before.) Third verse (sing along!) our web site reports Fixed in Apache httpd 1.3.32 moderate: mod_proxy buffer overflow CVE-2004-0492 Fixed in Apache httpd 2.0.55 moderate: HTTP Request Spoofing CVE-2005-2088 Each of these is out of the control of the operator once they enable common features, as opposed to other more recent, very specific flaws that need specific configuration, unusual use cases or local web administration access to trigger or reproduce. (Who uses IMAP lol?) So the final vote that we need to have a concensus on is; [ ] Remove all pre 2.0.55/pre 1.3.32 binaries from www.a.o (to archive.a.o) [ ] Leave the last unmaintained 2.0.x in whatever state it's in [ ] Leave the last unmaintained 1.3.x and 2.0.x in whatever state they are in Votes/comments please? Thanks, Bill
