Re: Wheezy update of apache2?
On 2017-07-18 20:53:35, Stefan Fritsch wrote:
> On Monday, 17 July 2017 16:57:00 CEST Roberto C. Sánchez wrote:
>> I did the deb7u9 update of apache2 and I was not aware of the regression
>> either. I wonder if it makes sense for bugs above a certain severity
>> affecting versions of a package which are security uploads to show up in
>> the security tracker. Or would there be some other sensible way, aside
>> from having to go to the BTS directly?
> Sorry that I haven't forwarded that to you in a timely manner. I think I have
> mentioned it before the previous upload, but it may have gotten lost
> I don't know how a reasonable automatic notification could look like. Probably
> it has to be up to the maintainer to forward such bug reports.
I would agree as well - we can't possibly watch all of the BTS for such
Honestly, I was surprised there wasn't more pushback on DLA-841-1: it
was a major change with significant impact. The patch was a mess to
backport, and basically rewrote the request parser in Apache (!). It was
bound to introduce more issues.
I'll try to tackle this one, naturally, since I'm the one who issued the
DLA in the end!
sorry about the trouble.
A genius is someone who discovers that the stone that falls and the
moon that doesn't fall represent one and the same phenomenon.
- Ernesto Sabato