Chris Travers wrote:
> Hi all;
>
> I am wondering what people think of dropping support for Apache from
> versions 2.0.0 through 2.0.43 as of LedgerSMB 1.3. These versions
> have a bug in them which we currently work around involving escaping
> URLs. The bug was corrected in 2.1, 2.2, and 2.0.44.
>
> My own preference is to assume that bugs fixed in a stable branch of
> software should be deemed fixed in our code as well. This helps
> encourage people to be up to date (within the stable branch) and
> therefore helps encourage better security.
>
> But if these updates are not readily available to users, I think we
> should still support the older version. Any feedback?

My view and 2c worth.

I am quite a Debian fan (read bigot :) and I am aware that Debian often trails other distributions for package releases. Saying that, even Debian stable

http://packages.debian.org/cgi-bin/search_packages.pl?keywords=apache&searchon=names&subword=1&version=stable&release=all

has Apache 2.0.54 (and of course 1.3.33).

If a server is still running Apache < 2.0.44 I suspect that there may be more to worry about than just Apache. Could be a good prompt for people to look at their system.

As long as the dependency is made very CLEAR I think this is a good idea and if it helps clear out and make simpler the code, an even better idea.

W
