On Fri, May 5, 2017 at 1:51 PM, Yehuda Sadeh-Weinraub <yeh...@redhat.com> wrote: > > TL;DR: Does anyone care if we remove support for fastcgi in rgw?
Please remove it as soon as possible. The old libfcgi project's code is a security liability. When upstream died, there was a severe lack of coordination around distributing patches to fix CVE-2012-6687. I expect a similar level of chaos if another CVE surfaces in this library. There are also unanswered questions about libfcgi's continued use of poll vs select, see https://bugs.launchpad.net/ubuntu/+source/libfcgi/+bug/933417/comments/5 . - Ken _______________________________________________ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
