From owner-freebsd-hackers Fri Jun 21 1:38:16 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from warez.scriptkiddie.org (uswest-dsl-142-38.cortland.com [209.162.142.38]) by hub.freebsd.org (Postfix) with ESMTP id 610E037B407 for ; Fri, 21 Jun 2002 01:38:13 -0700 (PDT) Received: from [192.168.69.11] (unknown [192.168.69.11]) by warez.scriptkiddie.org (Postfix) with ESMTP id 0D5CA62D1A; Fri, 21 Jun 2002 01:38:09 -0700 (PDT) Date: Fri, 21 Jun 2002 01:43:19 -0700 (PDT) From: Lamont Granquist To: Kris Kennaway Cc: Frank Mayhar , Patrick Thomas , Subject: Re: inuring FreeBSD to the apache bug without upgrading apache ? In-Reply-To: <20020621004953.A80059@xor.obsecurity.org> Message-ID: <20020621014218.R933-100000@coredump.scriptkiddie.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Fri, 21 Jun 2002, Kris Kennaway wrote: > On Thu, Jun 20, 2002 at 07:33:54PM -0700, Frank Mayhar wrote: > > Kris Kennaway wrote: > > > Surely it's easier to just upgrade the apache port, instead of > > > recompiling your kernel and the entire OS. > > > > Not always. (I'm running an old version of Covalent Raven SSL and I'm > > loathe to upgrade. "If it works, don't fix it" and there are only so > > many hours in a day.) > > The exact same argument can be made for not upgrading the OS, which is > a much larger endeavour and can potentially screw things up much > worse. You can just patch the running version of apache with the diffs that fix the security hole. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message