Apache mirror in Malaysia.
Hi Mr. Andrew, I have go to http://www.apache.org/mirrors/ and I find that Malaysia URL didn't included there. Did I must submit it back? The URL: http://myapache.i-ownur.info/ / http://myapache.mybsd.org.my/ Thanks, Ikmal. __ Do you Yahoo!? HotJobs - Search new jobs daily now http://hotjobs.yahoo.com/
RE: Mirror Update time
How about do some testing on it using slapper exploit(I mean for mirror that running Red Hat). p/s: Sorry for my bad idea and I also not blaming Red Hat. Andrew Kenna [EMAIL PROTECTED] wrote: Thats my thoughts too, but obviously people being people all have their different opinions on things.I'm just concentrating on the content of the mirrors now to make sure they are configured properly, and carry the latest versions. If each admin wants to rely on Redhat making their rpm's secure its their own network that will suffer if all holes aren't patched up.RegardsAndrewn.b. These are my personal thoughts and do not reflect the ideas/policies of the Apache Software Foundation in any way shape or form.-Original Message-From: Haesu [mailto:[EMAIL PROTECTED]Sent: Friday, 25 October 2002 10:23 AMTo: [EMAIL PROTECTED]; [EMAIL PROTECTED]Subject: Re: Mirror Update timeHello,I personally believe that everyone operating the mirror must runat least 1.3.26 or above.. I mean it would be better if all the mirrorsare *totally secure* from any possibilities of exploits, rather than justcutting corners with redhat rpm updates that fix the problem w/o upgradingcompletely. Accepted, my opinion may not be 100% correct. But the reasonfor anyone to operate an official mirror is to help apache foundation tobegin with, and I believe each mirror should be proactive in itsresponsibilities, including security.--HCOn Thu, 24 Oct 2002, myfriend.is.not.my.enemies.org wrote: Actually Andrew concern is about security for all apache mirror. I think this can seatle if every administrator/maintainer apply pathes for their Apache webserver. But how we know's which Apache have been patch or not. I think that's why Andrew want to do like that. Thom May <[EMAIL PROTECTED]>wrote: * Andrew Kenna ([EMAIL PROTECTED]) wrote : People, please follow the steps outlines on http://httpd.apache.org/ The following are mirrors that are no longer valid, meaning 1 of the following 1) They are un-reachable 2) They do not contain the latest version of apache 3) They are running a version of apache pre-dating 1.3.26 Does anyone have any problems with removing mirror sites that are running versions of apache prior to 1.3.26 ? Yes, this is bogus. Most OS distributions prefer to backport patches rather than enforce an upgrade on their users. Debian's 2.2 release (the last but one, and still recieving updates) has a fully patched 1.3.9 version in, which is as secure as 1.3.26. So you're just causing admins extra work for no real reason. -Thom - Do you Yahoo!? Y! Web Hosting - Let the expert host your web siteDo you Yahoo!? Y! Web Hosting - Let the expert host your web site
Re: Mirror Update time
Hi Mr Andrew, I'm refering to http://myapache.i-ownur.info/ mirror url. I have change the pointing of our mirror to http://myapache.mybsd.org.my/. Just want some confirmation. Did I still need to upgrade my apache after I do the patches of my apache? Here are the thing from my update. [EMAIL PROTECTED] root]# up2date --list Fetching package list for channel: redhat-linux-i386-7.3... Fetching Obsoletes list for channel: redhat-linux-i386-7.3... Fetching rpm headers... Name Version Rel-- None of the packages you requested were found, or they are already updated.[EMAIL PROTECTED] root]# Sorry coz late update u about this changes. Thanks, Ikmal. Andrew Kenna [EMAIL PROTECTED] wrote: People, please follow the steps outlines on http://httpd.apache.org/The following are mirrors that are no longer valid, meaning 1 of the following1) They are un-reachable2) They do not contain the latest version of apache3) They are running a version of apache pre-dating 1.3.26Does anyone have any problems with removing mirror sites that are running versions of apache prior to 1.3.26 ? If not, and if I don't hear anything from the guys(after waiting 1 week) that maintain these web sites listed below they will all be removed from the official apache mirrors list.http://gd.tuwien.ac.at/infosys/servers/http/apache/dist/http://www.fokus.gmd.de/apache/dist/httpd/http://ftp.heanet.ie/mirrors/www.apache.org/dist/http://apache.fresh.co.il/dist/http://apache.happysize.co.jp/http://mirror.nucba.ac.jp/mirror/apache/dist/ - Apache 1.3.14http://elfas.kauko.lt/dist/ - Apache 1.3.23http://myapache.i-ownur.info/http://sunsite.icm.edu.pl/apache/dist/ - Apache 1.3.9http://apache.chg.ru/dist/ - Apache 1.3.22http://apache.en.com.sg/http://apache.siol.net/dist/ - Apache 1.3.4( this guy wins the for oldest verion of apache running on a mirror site)http://noc.cvaix.com/mirrors/apache/http://www.apache.inetcosmos.org/dist/ - Apache 1.3.19http://apache.insync.za.net/ - Apache 1.3.22http://apache.mirrorcentral.com/dist/ - Apache 1.3.23http://apache.ttlhost.com/ - Apache 1.3.23http://mirrors.ccs.neu.edu/Apache/dist/ - Apache 1.3.14Do you Yahoo!? Y! Web Hosting - Let the expert host your web site
Re: Mirror Update time
Just ignore this e-mail. It done already after I have some e-mail with Mr. Andrew. I think my e-mail can't go through coz the e-mail add that submit to mailing-list is different one. Sorry about this. Ikmal. "myfriend.is.not.my.enemies.org" [EMAIL PROTECTED] wrote: Hi Mr Andrew, I'm refering to http://myapache.i-ownur.info/ mirror url. I have change the pointing of our mirror to http://myapache.mybsd.org.my/. Just want some confirmation. Did I still need to upgrade my apache after I do the patches of my apache? Here are the thing from my update. [EMAIL PROTECTED] root]# up2date --list Fetching package list for channel: redhat-linux-i386-7.3... Fetching Obsoletes list for channel: redhat-linux-i386-7.3... Fetching rpm headers... Name Version Rel-- None of the packages you requested were found, or they are already updated.[EMAIL PROTECTED] root]# Sorry coz late update u about this changes. Thanks, Ikmal. Andrew Kenna [EMAIL PROTECTED] wrote: People, please follow the steps outlines on http://httpd.apache.org/The following are mirrors that are no longer valid, meaning 1 of the following1) They are un-reachable2) They do not contain the latest version of apache3) They are running a version of apache pre-dating 1.3.26Does anyone have any problems with removing mirror sites that are running versions of apache prior to 1.3.26 ? If not, and if I don't hear anything from the guys(after waiting 1 week) that maintain these web sites listed below they will all be removed from the official apache mirrors list.http://gd.tuwien.ac.at/infosys/servers/http/apache/dist/http://www.fokus.gmd.de/apache/dist/httpd/http://ftp.heanet.ie/mirrors/www.apache.org/dist/http://apache.fresh.co.il/dist/http://apache.happysize.co.jp/http://mirror.nucba.ac.jp/mirror/apache/dist/ - Apache 1.3.14http://elfas.kauko.lt/dist/ - Apache 1.3.23http://myapache.i-ownur.info/http://sunsite.icm.edu.pl/apache/dist/ - Apache 1.3.9http://apache.chg.ru/dist/ - Apache 1.3.22http://apache.en.com.sg/http://apache.siol.net/dist/ - Apache 1.3.4( this guy wins the for oldest verion of apache running on a mirror site)http://noc.cvaix.com/mirrors/apache/http://www.apache.inetcosmos.org/dist/ - Apache 1.3.19http://apache.insync.za.net/ - Apache 1.3.22http://apache.mirrorcentral.com/dist/ - Apache 1.3.23http://apache.ttlhost.com/ - Apache 1.3.23http://mirrors.ccs.neu.edu/Apache/dist/ - Apache 1.3.14 Do you Yahoo!?Y! Web Hosting - Let the expert host your web siteDo you Yahoo!? Y! Web Hosting - Let the expert host your web site
Re: Mirror Update time
Actually Andrew concern is about security for all apache mirror. I think this can seatle if every administrator/maintainer apply pathes for theirApache webserver. But how weknow'swhich Apache have been patch or not.I think that's why Andrew want to do like that. Thom May [EMAIL PROTECTED] wrote: * Andrew Kenna ([EMAIL PROTECTED]) wrote : People, please follow the steps outlines on http://httpd.apache.org/ The following are mirrors that are no longer valid, meaning 1 of the following 1) They are un-reachable 2) They do not contain the latest version of apache 3) They are running a version of apache pre-dating 1.3.26 Does anyone have any problems with removing mirror sites that are running versions of apache prior to 1.3.26 ? Yes, this is bogus. Most OS distributions prefer to backport patches ratherthan enforce an upgrade on their users. Debian's 2.2 release (the last but one, and still recieving updates) has afully patched 1.3.9 version in, which is as secure as 1.3.26.So you're just causing admins extra work for no real reason.-ThomDo you Yahoo!? Y! Web Hosting - Let the expert host your web site
