Re: [SRM] Please review apache2_2.2.3-4+etch4

To: Stefan Fritsch <sf@debian.org>
Cc: debian-release@lists.debian.org, debian-apache@lists.debian.org
Subject: Re: [SRM] Please review apache2_2.2.3-4+etch4
From: Luk Claes <luk@debian.org>
Date: Sun, 27 Jan 2008 15:21:40 +0100
Message-id: <[🔎] 479C9374.4050308@debian.org>
In-reply-to: <[🔎] 200801261555.16169.sf@debian.org>
References: <[🔎] 200801261555.16169.sf@debian.org>

Stefan Fritsch wrote:
> Hi stable release managers,

Hi Stefan

> please review apache2 2.2.3-4+etch4 for inclusion in etch r3.

> The full debdiff is at
> http://people.debian.org/~sf/apache2_2.2.3-4+etch4.debdiff
> 
> Unfortunately the fix for CVE-2007-4465 and CVE-2008-0005 needs 
> to introduce new config directives (otherwise there would be
> regressions). Therefore, and because of the corresponding 
> documentation updates, the diff is quite large.

Ok. diff still seems to be sane...

> In order for the behaviour in the default configuration to stay 
> the same, I updated apache2.conf and proxy.conf. Not doing so 
> would change the behaviour for people who use non-ASCII filenames. 
> If you think that would be better than forcing all people to merge 
> the changed apache2.conf, I could remove that change. I am not 
> quite sure which option is better.

Personally I would not change apache2.conf, but mention that people
should add it in the changelog as well as the news file how to do it if
they need to.

Changing proxy.conf is ok IMHO.

Cheers

Luk

Reply to:

Follow-Ups:
- Re: [SRM] Please review apache2_2.2.3-4+etch4
  - From: Stefan Fritsch <sf@debian.org>

References:
- [SRM] Please review apache2_2.2.3-4+etch4
  - From: Stefan Fritsch <sf@debian.org>

Prev by Date: Re: 'rott' package still not in testing (not-for-us on s390)
Next by Date: Re: Should tasksel be installable on all archs?
Previous by thread: [SRM] Please review apache2_2.2.3-4+etch4
Next by thread: Re: [SRM] Please review apache2_2.2.3-4+etch4
Index(es):
- Date
- Thread