Alex Rousskov wrote:
On 09/12/2009 05:36 AM, Amos Jeffries wrote:
Updating the checklist today I again wonder if we can repeat the step
from 2.7 and enable HTTP/1.1 on requests sent to servers
As far as I can see the missing bits 3.2 needs to take that step are:
- reject http-Upgrade requests from clients.
- reject Expect-100 requests from clients.
anything else?
NP: both of those are temporary measures to prevent passing something
through to the server that will get us into trouble. Until we get real
support for them ready.
PS... Alex and co, what hardware/system requirements are needed to run
one of the audits?
There are pretty much no special requirements other than internet
connectivity because one can use Co-Advisor hosted on the Factory
server. Linux RPMs can be used if remote testing is not possible. The
tool does not require a fast CPU and 512MB RAM should be sufficient.
Alex.
Okay, wonderful.
Then could we get things moving towards an audit of 3.1.0.16 when it
happens next month please? possibly with a followup for 3.1.1 when the
bits that first audit finds are fixed.
I'll do the gopher work myself if need be.
Amos
