Re: svn commit: r1793940 - in /httpd/docs-build/trunk: deps.xml lib/allmodules.pl

On May 5, 2017 9:28 AM, "Jacob Champion" wrote: On 05/05/2017 01:34 AM, André Malo wrote: > Well... It was a split-project back then (in CVS even... :-)). I'm also not > sure we want all those jar files and stuff in the main repo. Most people > neither use nor need it. >

Re: Change from ad-hoc/historical security process to ASF process?

On 05/05/2017 01:32 PM, Jim Jagielski wrote: +1... Lets do it. BTW, I would adjust #16 to include: Add the CVE to the CHANGES file. That way, it's still documented in CHANGES, just after the release is spun out, show it shows up in the next release's CHANGES. Sounds good to me. --Jacob

Re: Change from ad-hoc/historical security process to ASF process?

+1... Lets do it. BTW, I would adjust #16 to include: Add the CVE to the CHANGES file. That way, it's still documented in CHANGES, just after the release is spun out, show it shows up in the next release's CHANGES. > On May 5, 2017, at 8:39 AM, Eric Covener wrote: > >

Re: Change from ad-hoc/historical security process to ASF process?

On 05/05/2017 05:39 AM, Eric Covener wrote: Here is the change that probably has the biggest impact to the community: """ ... The project team commits the fix. No reference should be made to the commit being related to a security vulnerability. This is the only part that makes me nervous,

Re: svn commit: r1793940 - in /httpd/docs-build/trunk: deps.xml lib/allmodules.pl

[Re-cc'ing docs. Sorry.] On 05/05/2017 01:34 AM, André Malo wrote: Well... It was a split-project back then (in CVS even... :-)). I'm also not sure we want all those jar files and stuff in the main repo. Most people neither use nor need it. I don't mind having the binaries in a separate

Re: svn commit: r1793940 - in /httpd/docs-build/trunk: deps.xml lib/allmodules.pl

On 05/05/2017 01:34 AM, André Malo wrote: Well... It was a split-project back then (in CVS even... :-)). I'm also not sure we want all those jar files and stuff in the main repo. Most people neither use nor need it. I don't mind having the binaries in a separate place, so much as I mind

Change from ad-hoc/historical security process to ASF process?

(note to security@ folks -- this is a public dev@ thread!) Hi All. Over the years we have tried different approaches to handling CVEs, varying based on who did the work, their understanding of the unwritten procedures, and the severity of the bug. We haven't ever come to a solid consensus on

Re: svn commit: r1793940 - in /httpd/docs-build/trunk: deps.xml lib/allmodules.pl

* Jacob Champion wrote: > [crossposting dev@ and docs@] > > On 05/04/2017 04:55 PM, jchamp...@apache.org wrote: > > Author: jchampion > > Date: Thu May 4 23:55:48 2017 > > New Revision: 1793940 > > > > URL: http://svn.apache.org/viewvc?rev=1793940=rev > > Log: > > override index: add deps and

Re: Using TLS1.3 With OpenSSL - OpenSSL Blog

2017-05-05 7:55 GMT+02:00 Stefan Eissing : > Looks like almost all our users will need to reconfigure their cipher > suites, once we ship 2.4.26 and they install OpenSSL 1.1.x: > > "If you explicitly configure your ciphersuites then care should be taken > to ensure