REQ RPM for Apache httpd 2.2.15

[xetic]

Just figured I'd see if anyone is making RPM's of apache as I'm not too fond of installing packages myself with plesk as something always seems to go wrong...

[scott]

We've been talking about addressing this for the centos 5 users, I think this might be a good thread for people on c5 to let it be known if this is something that interests them or not.

[JnascECSI]

I think it would be great if Atomic had apache in the repo so the latest is being used. Problem i have with backporting is because of the versioning stamp and PCI Compliance it seems monthly i have to help our merchants that we host for do their appeals on their scans because some ASV's are stupid and don't have the backport versions in their scan profiles.

[scott]

The irony here is that the scanners they use (nessus, etc) even tell them that its not to be trusted

[Highland]

I'd say the largest reason to do this is the anal-ness of the PCI scanners (and the fact that PCI still has confusion about what exactly constitutes compliance).

When Apache 2.4 gets closer to release (2.3.6 alpha just started a few days ago) and they have a more thorough feature set you might see more interest.

[scott]

If you're using ASL it should clean up the tokens in a way to resolve this with a PCI scanner (that isnt doing their job right...)

[xetic]

I'd say the largest reason to do this is the anal-ness of the PCI scanners...

Actually I was looking into it because their changelog shows a few good exploit fixes.

[scott]

those are all backported by redhat.There are no known vulnerabilities in httpd-2.2.3-43

[mikeshinn]

Remember version numbers are meaningless.