So, Jacob and I... He did most of the grunt work, I only pushed off the underlying premise... Have a very very long list of real and potential security patches.
I am asking publicly of (often obstanant) httpd pmc folks, do we proceed without a 2.2 mitigation? Those in the know, already know. Happy to RM Wed a.m. if we have the votes.