Paul Adamczyk wrote:
I am analyzing the compliance of Web servers with the HTTP standard. I would like to request some feedback on my results. Which of the many Apache mailing lists would be most appropriate to submit that request?
Email dev@xxxxxxxxx with observations of compliance or lack thereof. We prefer you email security@xxx if you observe that it's possible to exploit compliance, or the lack thereof, to produce nefarious effects, e.g. the Watchfire class of protocol vulnerabilities. This is routed to the developers internally, and they work with reporters to ensure proper acknowledgments and coordination of announcements (as well as resolving the vulnerability and coordinating a bug fix release.) Of course if you find a bug, you are also welcome to open a bugzilla incident under http://issues.apache.org/ Bill --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|