On 1/6/2012 8:32 AM, Eric Covener wrote:
> Looks like SuSE backported the trunk fix which misfires on the
> internally dummy conn.
>
> STATUS says we were thinking of flipping this to declined. Looks like
> a good idea?
This is consistent with failing to populate
https://dist.apache.org/repos/dist/release/httpd/patches/apply_to_2.2.21/
with the right security patches, leaving the world to guess at a fix.
I'm volunteering to roll 2.2.22 Monday or as quickly thereafter as
1. all known [and undisclosed] vulnerabilities fixes are committed, and
2. all those patches reside in apply_to_2.2.21/
Likewise, I'm offering the same for 2.0.65 on the same or following day
(whatever that turns out to be).
I'm casting my -1 on all 2.3.x/2.4.0 candidates which have security patches
that had not been recorded in the corresponding
https://dist.apache.org/repos/dist/release/httpd/patches/apply_to_2.3.16/
since we asked users to deploy that beta; we owe them that courtesy.
We've gotten really, really schlocky about getting the code into users hands,
releases themselves notwithstanding.
