> Date: Sat, 25 Feb 2012 08:45:09 -0600
> From: bmill...@gmail.com
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] using a vendor's apache
>
> On Sat, 25 Feb 2012 13:06:45 +0000
> Edward Quick <edwardqu...@hotmail.com> wrote:
>
> >
> > Hi Apache Users,
> > The place where I work is embarking on a project to migrate custom apache
> > builds to the RHEL6 build. Obviously that brings certain limitations (not
> > being able to use the snazzy new Apache 2.4 version for example!!) I was
> > curious whether anyone else had gone down this route, and what their
> > experiences were like, and whether they were pleased with the end result.
>
> My experience has to do with PCI compliancy. Most of the compliancy checkers
> look for the version number, so the latest rhel version (even though it has
> all of the patches) fails due to having a lower rev than what it is looking
> for to be compliant.
>
> --
> Brian Millett
> "If anyone asks, say it fell from the sky."
> -- [ Delenn to Sinclair (re: Vorlon files), "The Gathering"]
Thanks Brian,
That hadn't even crossed my mind to be honest, and not wishing to state the
obvious, I assume you have ServerSignature set to off.PCI is fundamental to
most places these days. Are those compliancy checks carried out by a third
party and if so, wouldn't it just be a case of telling them their checks are
wrong?
