[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SRM] Please review apache2_2.2.3-4+etch4

Stefan Fritsch wrote:
> Hi stable release managers,

Hi Stefan

> please review apache2 2.2.3-4+etch4 for inclusion in etch r3.

> The full debdiff is at
> http://people.debian.org/~sf/apache2_2.2.3-4+etch4.debdiff
> Unfortunately the fix for CVE-2007-4465 and CVE-2008-0005 needs 
> to introduce new config directives (otherwise there would be
> regressions). Therefore, and because of the corresponding 
> documentation updates, the diff is quite large.

Ok. diff still seems to be sane...

> In order for the behaviour in the default configuration to stay 
> the same, I updated apache2.conf and proxy.conf. Not doing so 
> would change the behaviour for people who use non-ASCII filenames. 
> If you think that would be better than forcing all people to merge 
> the changed apache2.conf, I could remove that change. I am not 
> quite sure which option is better.

Personally I would not change apache2.conf, but mention that people
should add it in the changelog as well as the news file how to do it if
they need to.

Changing proxy.conf is ok IMHO.



Reply to: