Re: Change from ad-hoc/historical security process to ASF process?
On Sun, May 7, 2017 at 3:17 AM, William A Rowe Jrwrote: > On May 5, 2017 13:32, "Jim Jagielski" wrote: > > +1... Lets do it. > > BTW, I would adjust #16 to include: > >Add the CVE to the CHANGES file. > > That way, it's still documented in CHANGES, just after the release > is spun out, show it shows up in the next release's CHANGES. > > > ... And if we follow through, the copy on httpd.a.o/dist/httpd/ (both 2.x > and 2.x.y files) can be the annotated flavors. +1 from me. +1 here too.
Re: The drive for 2.4.26
Yes it did, thanks for following up. On 5/22/2017 9:23 AM, Jacob Champion wrote: On 04/20/2017 01:06 PM, Gregg Smith wrote: This is ApacheBench, Version 2.3 <$Revision: 1750960 $> Same result with trunk, it just hangs. Glad it's not just Windows! Gregg, did Rainer's patch work for you on Windows? Looks like it hasn't been pushed into trunk yet, so I'll apply it today and will be proposing for backport. --Jacob
Re: The drive for 2.4.26
On 04/20/2017 01:06 PM, Gregg Smith wrote: This is ApacheBench, Version 2.3 <$Revision: 1750960 $> Same result with trunk, it just hangs. Glad it's not just Windows! Gregg, did Rainer's patch work for you on Windows? Looks like it hasn't been pushed into trunk yet, so I'll apply it today and will be proposing for backport. --Jacob
Re: Change from ad-hoc/historical security process to ASF process?
On Mon, May 22, 2017 at 10:58 AM, Eric Covenerwrote: > Last chance for anyone else to speak up. Not really "last", but before this thread is lost forever to everyones mail archives. -- Eric Covener cove...@gmail.com
Re: Change from ad-hoc/historical security process to ASF process?
On Sat, May 6, 2017 at 9:17 PM, William A Rowe Jrwrote: > On May 5, 2017 13:32, "Jim Jagielski" wrote: > > +1... Lets do it. > > BTW, I would adjust #16 to include: > >Add the CVE to the CHANGES file. > > That way, it's still documented in CHANGES, just after the release > is spun out, show it shows up in the next release's CHANGES. > > > ... And if we follow through, the copy on httpd.a.o/dist/httpd/ (both 2.x > and 2.x.y files) can be the annotated flavors. +1 from me. Last chance for anyone else to speak up.
Re: The drive for 2.4.26
I think we are *really* close! What say we try for a T sometime this week? Who wants to RM? If no one does, I will.
Re: Ideas from ApacheCon
I'll let Jim Riggs answer that...it came up during his mod_cache talk. > On May 18, 2017, at 2:25 PM, Eric Covenerwrote: > > On Thu, May 18, 2017 at 2:22 PM, Rainer Jung wrote: >>> o Look into AAA and mod_cache; eg: "bolt in at the end" > > Does that differ from "CacheQuickHandler OFF"? > > > > -- > Eric Covener > cove...@gmail.com
in case someone missed this
The OCSP weaknesses in our server as experienced during the LetsEncrypt server outage: https://blog.hboeck.de/archives/886-The-Problem-with-OCSP-Stapling-and-Must-Staple-and-why-Certificate-Revocation-is-still-broken.html