[CentOS] Apache RPM's

Ross S. W. Walker rwalker at medallion.com
Wed Feb 13 15:01:51 UTC 2008


Johnny Hughes wrote:
> 
> Bob Boilard wrote:
> > Hello all,
> >
> > I love CentOS, but I am seriously regretting selecting CentOS 4.4 for
> > my production hosting servers. The current situation with CentOS 4.4
> > and being stuck at Apache 2.0.52 is a huge problem because of the new
> > requirements for the Credit Card industry PCI scan. Apache 2.0.52 does
> > not pass PCI compliance scans, which means no ecommerce on any of
> > these servers - MAJOR ISSUE. So my question to the community is: when
> > are new Apache RPM's going to be released or at minimum a backported
> > version that plugs these security holes so we can pass PCI scans.
> > Apache 2.0.52 has some major issues that need to be dealt with?
> >
>
> I am almost positive that this issue is one of the scan software using
> version numbers and not understanding that RHEL backports fixes.

It is a big fear of mine that this may become more and more
of an issue when government agencies start setting stricter
and stricter software compliance guidelines.

The agencies don't know what security backports vendor XYZ
has implemented and frankly they don't care. All they have
is a list of minimum version numbers that software must be
at in order for it to be deemed "compliant".

I think we will start seeing this in the PCI and HIPAA
compliance regulations first, but I wouldn't be surprised
if it leaks out into GLBA and other regulations over time.

I think it will be these compliance issues that may force
upstream to change their strategy; otherwise I can see this
being a roadblock to RHEL/CentOS adoption in these
industries in the future.

-Ross
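
An added example, not part of the original messages: one way to triage a version-banner scan finding against the fixes backported into the installed package, by looking each reported CVE ID up in the RPM changelog. The function name, the sample changelog and the CVE IDs in it are constructed placeholders, and the script assumes each changelog entry header ends with the version-release string.

```shell
#!/bin/sh
# RHEL/CentOS keep the upstream version (for example 2.0.52) and record
# backported security fixes in the RPM changelog, so a finding based only
# on the version banner may already be fixed in the installed package.

# Constructed sample shaped like `rpm -q --changelog httpd` output.
# CVE IDs, packager and release numbers are placeholders, not real data.
sample_changelog() {
cat <<'EOF'
* Tue Jan 15 2008 Example Packager <packager@example.com> 2.0.52-99.ent
- add security fix for CVE-0000-1111 (constructed entry)
- add security fix for CVE-0000-2222 (constructed entry)

* Mon Jun 25 2007 Example Packager <packager@example.com> 2.0.52-98.ent
- add security fix for CVE-0000-3333 (constructed entry)
EOF
}

# Usage: <changelog on stdin> | triage_findings CVE-ID...
# Prints "<id> fixed-in <version-release>" or "<id> not-in-changelog".
triage_findings() {
    changelog=$(cat)
    for cve in "$@"; do
        printf '%s\n' "$changelog" | awk -v id="$cve" '
            # Entry header: remember its last field (version-release).
            /^\* / { rel = $NF }
            # Match the whole ID only, so a shorter ID is not a false hit.
            $0 ~ ("(^|[^0-9A-Za-z-])" id "([^0-9]|$)") {
                print id, "fixed-in", rel; found = 1; exit
            }
            END { if (!found) print id, "not-in-changelog" }'
    done
}

# On a real host: rpm -q --changelog httpd | triage_findings <IDs from the scan report>
sample_changelog | triage_findings CVE-0000-1111 CVE-0000-9999
```

A `not-in-changelog` result only means the changelog does not mention the ID; the vendor's advisory for that CVE is the place to confirm whether the package is affected.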
