|
> Date: Sat, 25 Feb 2012 08:45:09 -0600 > From: bmillett@xxxxxxxxx > To: users@xxxxxxxxxxxxxxxx > Subject: Re: using a vendor's apache > > On Sat, 25 Feb 2012 13:06:45 +0000 > Edward Quick <edwardquick@xxxxxxxxxxx> wrote: > > > > > Hi Apache Users, > > The place where I work is embarking on a project to migrate custom apache > > builds to the RHEL6 build. Obviously that brings certain limitations (not > > being able to use the snazzy new Apache 2.4 version for example!!) I was > > curious whether anyone else had gone down this route, and what their > > experiences were like, and whether they were pleased with the end result. > > My experience has to do with PCI compliancy. Most of the compliancy checkers > look for the version number, so the latest rhel version (even though it has > all of the patches) fails due to having a lower rev than what it is looking > for to be compliant. > > -- > Brian Millett > "If anyone asks, say it fell from the sky." > -- [ Delenn to Sinclair (re: Vorlon files), "The Gathering"] Thanks Brian, That hadn't even crossed my mind to be honest, and not wishing to state the obvious, I assume you have ServerSignature set to off. PCI is fundamental to most places these days. Are those compliancy checks carried out by a third party and if so, wouldn't it just be a case of telling them their checks are wrong? |
|