Re: Change from ad-hoc/historical security process to ASF process?

2017-05-22 Thread Yann Ylavic
On Sun, May 7, 2017 at 3:17 AM, William A Rowe Jr wrote: > On May 5, 2017 13:32, "Jim Jagielski" wrote: > > +1... Lets do it. > > BTW, I would adjust #16 to include: > >Add the CVE to the CHANGES file. > > That way, it's still documented in CHANGES,

Re: The drive for 2.4.26

2017-05-22 Thread Gregg Smith
Yes it did, thanks for following up. On 5/22/2017 9:23 AM, Jacob Champion wrote: On 04/20/2017 01:06 PM, Gregg Smith wrote: This is ApacheBench, Version 2.3 <$Revision: 1750960 $> Same result with trunk, it just hangs. Glad it's not just Windows! Gregg, did Rainer's patch work for you on

Re: The drive for 2.4.26

2017-05-22 Thread Jacob Champion
On 04/20/2017 01:06 PM, Gregg Smith wrote: This is ApacheBench, Version 2.3 <$Revision: 1750960 $> Same result with trunk, it just hangs. Glad it's not just Windows! Gregg, did Rainer's patch work for you on Windows? Looks like it hasn't been pushed into trunk yet, so I'll apply it today and

Re: Change from ad-hoc/historical security process to ASF process?

2017-05-22 Thread Eric Covener
On Mon, May 22, 2017 at 10:58 AM, Eric Covener wrote: > Last chance for anyone else to speak up. Not really "last", but before this thread is lost forever to everyones mail archives. -- Eric Covener cove...@gmail.com

Re: Change from ad-hoc/historical security process to ASF process?

2017-05-22 Thread Eric Covener
On Sat, May 6, 2017 at 9:17 PM, William A Rowe Jr wrote: > On May 5, 2017 13:32, "Jim Jagielski" wrote: > > +1... Lets do it. > > BTW, I would adjust #16 to include: > >Add the CVE to the CHANGES file. > > That way, it's still documented in CHANGES,

Re: The drive for 2.4.26

2017-05-22 Thread Jim Jagielski
I think we are *really* close! What say we try for a T sometime this week? Who wants to RM? If no one does, I will.

Re: Ideas from ApacheCon

2017-05-22 Thread Jim Jagielski
I'll let Jim Riggs answer that...it came up during his mod_cache talk. > On May 18, 2017, at 2:25 PM, Eric Covener wrote: > > On Thu, May 18, 2017 at 2:22 PM, Rainer Jung wrote: >>> o Look into AAA and mod_cache; eg: "bolt in at the end" > > Does

in case someone missed this

2017-05-22 Thread Stefan Eissing
The OCSP weaknesses in our server as experienced during the LetsEncrypt server outage: https://blog.hboeck.de/archives/886-The-Problem-with-OCSP-Stapling-and-Must-Staple-and-why-Certificate-Revocation-is-still-broken.html