On Wed, Jul 20, 2016 at 6:27 AM, Konstantin Kolinko <kkoli...@apache.org>
wrote:

> 2016-07-20 12:37 GMT+03:00 Bertrand Delacretaz <bdelacre...@apache.org>:
> > On Tue, Jul 19, 2016 at 8:02 PM, William A Rowe Jr <wr...@rowe-clan.net>
> wrote:
> >> What if we digest the audience and list the scope (different projects
> which
> >> are impacted/offering mitigations) in a more conversational tone,
> mention
> >> the httpoxy URL and just point the reader to
> >> https://www.apache.org/security/asf-httpoxy-response.txt for all the
> >> detailed workarounds we've offered?...
> >
> > That sounds good to me, here's a minimal suggestion that we might
> > publish at https://blogs.apache.org/foundation/ unless you want
> > something more complete.
> >
> > ***
> > Title: "httpoxy" CGI vulnerability response
> >
> > A group of ASF projects (HTTP, Tomcat, Traffic Server, Perl) has
> > analyzed the CGI application vulnerability recently published at
> > https://httpoxy.org/
> >
> > Their detailed analysis, targeted at Web server administrators and CGI
> > developers and including mitigation information, can be found at
> > https://www.apache.org/security/asf-httpoxy-response.txt
> > ***
>
>
> I think that perl in list of ASF projects should be spelled "Perl
> (mod_perl)",
> to distinguish it from Perl programming language as a whole.
>
> Also HTTP in that list to be spelled "HTTP Server"
>

Good points, think we can go with your text plus these edits, Bertrand.

Thanks!

Bill

Reply via email to