REQ RPM for Apache httpd 2.2.15

Posted: Mon Jun 21, 2010 9:08 pm
by xetic
Just figured I'd see if anyone is making RPMs of Apache, as I'm not too fond of installing packages myself with Plesk as something always seems to go wrong...

Re: REQ RPM for Apache httpd 2.2.15

Posted: Mon Jun 21, 2010 9:10 pm
by scott
We've been talking about addressing this for the CentOS 5 users. I think this might be a good thread for people on C5 to let it be known if this is something that interests them or not.

Re: REQ RPM for Apache httpd 2.2.15

Posted: Tue Jun 22, 2010 7:04 am
by JnascECSI
I think it would be great if Atomic had Apache in the repo so the latest is being used. The problem I have with backporting is that, because of the versioning stamp and PCI compliance, it seems monthly I have to help the merchants that we host do their appeals on their scans, because some ASVs are stupid and don't have the backport versions in their scan profiles.

Re: REQ RPM for Apache httpd 2.2.15

Posted: Tue Jun 22, 2010 8:21 am
by scott
The irony here is that the scanners they use (Nessus, etc.) even tell them that it's not to be trusted :P

Re: REQ RPM for Apache httpd 2.2.15

Posted: Tue Jun 22, 2010 9:38 am
by Highland
I'd say the largest reason to do this is the anal-ness of the PCI scanners (and the fact that PCI still has confusion about what exactly constitutes compliance).

When Apache 2.4 gets closer to release (2.3.6 alpha just started a few days ago) and they have a more thorough feature set you might see more interest.

Re: REQ RPM for Apache httpd 2.2.15

Posted: Tue Jun 22, 2010 11:59 am
by scott
If you're using ASL it should clean up the tokens in a way to resolve this with a PCI scanner (that isn't doing their job right...)

Re: REQ RPM for Apache httpd 2.2.15

Posted: Thu Jun 24, 2010 12:59 am
by xetic
Highland wrote: I'd say the largest reason to do this is the anal-ness of the PCI scanners...
Actually I was looking into it because their changelog shows a few good exploit fixes.

Re: REQ RPM for Apache httpd 2.2.15

Posted: Thu Jun 24, 2010 8:18 am
by scott
Those are all backported by Red Hat. There are no known vulnerabilities in httpd-2.2.3-43.

Re: REQ RPM for Apache httpd 2.2.15

Posted: Thu Jun 24, 2010 10:49 am
by mikeshinn
Remember version numbers are meaningless.