Re: [users@httpd] Where to download a windows executable installation version of Apache 1.3.12 ?

Sean Conner wrote:
Why would you want to go back in time?

 Any number of reasons, including size restrictions, custom modules that
haven't been ported to 2.x, support issues, etc. etc.

A burning desire to expose oneself to security problems?
http://httpd.apache.org/security/vulnerabilities_13.html

  Maybe.  Maybe not.  It depends on which modules are in use, platforms
used, etc. etc.  (I'm running 1.3.31 on a server---the bugs listed past
1.3.31 don't affect the server at all since I'm not using the modules in
question, or the conditions don't apply).
  -spc (Again, if it ain't broke, don't fix it)

Exactly Sean; you answered your own statement.  If you read that list of
vulnerabilities_13 and compare your two paragraphs above, you will prove
yourself the fool, considering that core itself on Windows was vulnerable
(a 'module' that's impossible to work around) and the inquiry was for Windows
version 1.3.12, so they determined the platform in use and the target version
they desired to install.

You are right in the sense that features-not-in-use aren't a vulnerability.
But it overlooks the fact that when you install a version with vulnerabilities,
and then you (or another admin) later enable the feature-with-vulnerability,
you prove your original 'legacy install' was a poor choice in the first place.

Anyways, Shai answered the poster's question, heaven help him :)  But hey, what
is one more windows zombie box anyways?  A raindrop in the hurricane doesn't
make all that much difference :

Besides vulnerabilities, do be aware that much smaller, but sometimes bugs that
affect you, do get stealth fixes without hitting CHANGES.  The only way to see
all the changes is to review all the commits between versions.  The developers
try to mention most of the big stuff that folks will frequently notice, but if
your server isn't behaving correctly - using the latest version (**especially**
for fresh installs!) will get you faster results from a bug report.  The devs
often ignore bug reports against 2 year old versions of the software.  Those
are your problem, trunk (or the current releases) is what the devs feel some
pride and ownership of.

Bill

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.