Hi Eric, I’m going to work on setting up a test system for all of our supported environments so that we can test our platform quicker and provide feedback during the T&R period.
I’d love to try and give back to the project honestly. cPanel has used Apache in the core of our webstack for at least 10 years so it would be great if we could provide some extra eyes for testing releases, if not more. Sorry if I came across a little… crass. It’s been a long day. — Jacob Perkins Product Owner cPanel Inc. jacob.perk...@cpanel.net <mailto:jacob.perk...@cpanel.net> Office: 713-529-0800 x 4046 Cell: 713-560-8655 > On Dec 21, 2015, at 5:20 PM, Eric Covener <cove...@gmail.com> wrote: > > On Mon, Dec 21, 2015 at 2:38 PM, Jacob Perkins <jacob.perk...@cpanel.net> > wrote: >> CentOS 5 still ships with OpenSSL 0.9.8, and is still supported for another >> year or so. Considering there’s a lot of servers still running CentOS 5 (and >> possibly older), it feels as if this would have been caught. > > Do you mean could or should have been caught? > > It wasn't caught until someone compiled it against openssl < 0.9.8m > (which is not the latest 0.9.8). I can't see many scenarios where someone > will compile a new 2.4.x release and not have a contemporary openssl -- > beyond trying to catch exactly these kinds of problems during a release. > >> Especially something as small as a missing semicolon. > > Well, usually small problems are the ones that fly under the radar. > Anything > catastrophic to the build will not go unnoticed, but someone has to build on > the > affected platform/compiler/prereqs/???. > >> Would a linter / compile check to proactively check those things help? > > Dunno, possible.
signature.asc
Description: Message signed with OpenPGP using GPGMail
