enterprise-support team mailing list archive

[Question #213037]: PCI Compliance -> Version Numbers

New question #213037 on apache2 in Ubuntu:
https://answers.launchpad.net/ubuntu/+source/apache2/+question/213037

Today I was faced with the option of installing Apache 2.2.23 from source, or moving the servers to Amazon's RPM-based distro, just because PCI standards require that particular Apache version. I really don't want to see Ubuntu losing users and/or respect because its software repositories lag too far behind in this area.

PCI Compliance standards are generally pretty strict on the installed Apache version. Right now, for example, the standard requires that we use Apache 2.2.23+, but the latest available in the repos is 2.2.22.
I realize that we often patch security holes in the -ubuntu releases, but shouldn't we follow upstream a little more tightly, at least in the case of server software as crucial and ubiquitous as Apache?
