William A. Rowe, Jr. wrote: > I agree it would be nice to repost an OpenSSL/mod_ssl advisory on our > pages (mod_ssl is a sister project, after all.) > > But understand that the ASF took ownership of mod_ssl for Apache 2.0, > not 1.3, and we not married to any particular SSL library (although many > of us are very proud of the OpenSSL project, and several major contributors > overlap between the projects.) > > So +1 to rebroadcasting mod_ssl's or OpenSSL's announce, but I'm not > losing sleep over it. This is clearly OpenSSL's little bugger > (inherited in > part or in full by other implementations, depending on their code > affinity.)
Certainly I'm talking about doing this as a service to our users, not as an obligation. I've updated the httpd.apache.org homepage with a few words on the subject. I'll wait a couple hours before I make it live in case anyone who is more familiar with this stuff wants to fine-tune it. I think it would also be a good idea to send an email to the announce@ lists, but I'm not pgp-enabled at the moment, so I can't do it. Joshua.
