Actually Andrew concern is about security for all apache mirror.
I think this can seatle if every administrator/maintainer apply pathes for their Apache webserver. But how we know's which Apache have been patch or not. I think that's why Andrew want to do like that.
Thom May <[EMAIL PROTECTED]> wrote:
* Andrew Kenna ([EMAIL PROTECTED]) wrote :
> People, please follow the steps outlines on http://httpd.apache.org/
> The following are mirrors that are no longer valid, meaning 1 of the following
>
> 1) They are un-reachable
> 2) They do not contain the latest version of apache
> 3) They are running a version of apache pre-dating 1.3.26
>
> Does anyone have any problems with removing mirror sites that are running versions of apache prior to 1.3.26 ?
Yes, this is bogus. Most OS distributions prefer to backport patches rather
than enforce an upgrade on their users.
Debian's 2.2 release (the last but one, and still recieving updates) has a
fully patched 1.3.9 version in, which is as secure as 1.3.26.
So you're just causing admins extra work for no real reason.
-Thom
Do you Yahoo!?
Y! Web Hosting - Let the expert host your web site
