DrBacchus' Journal

I don't see where there is a difference between what the article says and what you say.

You say:
I felt that the question was intended to make me say that the security fix was applied only to 2.0 because 1.3 is intrinsically more secure. That's not really the case. If anything, I think that 2.0 is probably more secure, simply because it is more thoroughly designed. But on both versions, security holes are fixed as soon as they are found. So if we thought that one was more secure than the other, that would be immediately rectified.

If I hear you correctly, you are saying that 2.0 was developed seperate and different from 1.3. Even though they are both "adequate" from a security perspective, any flaw found in either is taken care of. This particular flaw was in 2.0 and not in 1.3 due to the differentiation between the two.

http://www.internetnews.com/dev-news/article.php/3329411 says:
"The Apache's HTTP Server 1.3.x branch, currently at version 1.3.29 was not updated at this time...

It means that these particular bugs were not present in the latest 1.3 version (1.3.29). Apache Software Foundation member Rich Bowen told internetnews.com." I'm not making a sweeping comment to say that 1.3 or 2.0 is "more secure" because that would be inaccurate."

Seems they are pointing out that 1.3 was not updated and 2.0 was. They also point out that you say that neither is "more secure" than the other, just different.

But, maybe I am missing something...

--Moose

Ok. Thanks for your perspective. In the "interview" he seemed to be trying to get me to say that 1.3 is more secure and more stable than 2.0, and I wasn't biting.

On the other hand, he seemed to be a nice guy, and perhaps I was just letting my natural aversion to reporters get away from me! :-)