On Thu, May 29, 2008 at 03:34:21PM -0700, Paul Querna wrote: > Stefan Fritsch wrote: >> https://issues.apache.org/bugzilla/attachment.cgi?id=21137 has been in >> Debian testing and unstable for about 6 months without problems. It is not >> an elegant solution but it works. Considering that is is not clear how an >> elegant solution would look like, including this patch might make sense. > > Please don't put these kind of patches into the debian apache packages, > especially ones that don't exist in trunk.
Why not, is this some kind of distros-can't-be-trusted-to-run-patch reaction after the Debian OpenSSL PRNG incident? Blah. 1) we-the-committers failed to do anything useful about this bug 2) Stefan has a patch 3) having more test data from people running that patch is useful If you don't want people *patching* the *Apache source code* (god forbid!), then we need to go pick another license. joe
