Re: Apache httpd 2.4.39 GA for Windows

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




Sorry, did not know,  new for me. 

Was just informing the community that the change log has undergone a change. And the new change log is only available with the next release. 

We and other sites (eg AH etc) making already for years and years a release available as soon as it had passed the vote as GA., and you should know that. Why now in public this mail after all that years ?

Please off list. 


Op 2 apr. 2019 om 19:14 heeft William A Rowe Jr <wrowe@xxxxxxxxxxxxx> het volgende geschreven:

On Tue, Apr 2, 2019 at 2:35 AM Steffen <info@xxxxxxxxxxxxxxxx.invalid> wrote:
The ASF HTTPD project did not mention security vulnerabilities fixed in
the initial changelog 2.4.39.

To be 100% accurate, the ASF HTTP Server project had not announced the
release of 2.4.39. It had concluded a vote, but only the RM's announcement
triggers the release. There is a delay for the RM to stage the artifacts so they
can be downloaded by anyone from our entire array of mirror sites. And in
that time, the RM could even pull the release owing to a serious packaging
glitch, if they should need to (this happened not so long ago at httpd.)

You jumped the gun by pre-announcing your package as a "release", ahead 
of the RM's announce and ahead of downloads from the ASF, which is poor 
form to say the least. 

Security issues are embargoed until that announcement is broadcast by 
the RM to the entire public at once. The project will not mention security 
vulnerabilities fixed until that moment.

This isn't to say you shouldn't assemble your release of version x.y.z based
on the vote candidate; in fact any change to that source package will always
trigger version x.y.z+1, so there is no risk that your build varies from the final
announced package. Be ahead of the game preparing your binary package,
but defer any publicity until after the actual announcement.



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux