Security Incidents mailing list archives

Re: apache problem


From: Stephen Smoogen <smoogen () lanl gov>
Date: 17 Oct 2002 14:02:53 -0600

Here is how I understand it:

Red Hat supports 3 versions of their boxed OS with security fixes at
this time: Red Hat Linux 6.2, Red Hat Linux 7.3, and Red Hat Linux 8.0.
They will do security fixes which would be to apache-1.3.2? for 6.2 and
7.3 and for 8.0 it would be 2.x.

Red Hat rarely gives out code revisions for security problems but
instead does back ports of code fixes for most vulnerabilities (so they
would patch say 1.3.23 with the security fixes from 1.3.27 versus
putting out a 1.3.27). The general reason is that it is easier to audit
the code that way, and to also make sure that various ABI/API changes
that might have occurred between versions do not affect customers.

The rare case where Red Hat would send out a completely new version
would be where the fixes break ABI/API or are so invasive that one might
as well release the newer version (plus all the needed fixes for other
mod_* items). 

Going forward, Red Hat will be focusing on the apache 2.x series for
their 8.0 and beyond Linux releases. 


On Tue, 2002-10-15 at 16:28, Homer Wilson Smith wrote:

    I have been told that RedHat does not have updates for
apache-1.3.27 and has abandoned it for 2.x

    Is there any truth in this?

------------------------------------------------------------------------
Homer Wilson Smith     The Paths of Lovers    Art Matrix - Lightlink
(607) 277-0959 KC2ITF        Cross            Internet Access, Ithaca NY
homer () lightlink com    In the Line of Duty    http://www.lightlink.com


-- 
Stephen John Smoogen            smoogen () lanl gov
Los Alamos National Labrador  CCN-2 B-Schedule  PH: 
Ta-03 SM-261  MailStop P208 DP 17U  Los Alamos, NM 87545


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

