httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Hartill <hart...@ooo.lanl.gov>
Subject patch list vote
Date Wed, 15 Mar 1995 13:21:24 GMT

Here are my votes for the current patch list shown at
  http://www.hyperreal.com/httpd/patchgen/list.cgi

I'll use a vote of 
   -1 have a problem with it
    0 haven't tested it yet (failed to understand it or whatever)
   +1 tried it, liked it, have no problem with it.



B1:  The stack-scribbling security hole
vote: +1   (when used with David's config mallocs)
      -1   (when used without " " ")

B2:  SO_LINGER set on client sockets
vote: +1   (I didn't know what the problem was, but I'm happy with
             the explanations I've seen)

B3:  Server always pauses 3 seconds for scripts
vote: -1   (this patch is redundant)

B4:  <!--#config timefmt --> server-side include doesn't always take
vote: -1   (I've seen conflicting patches for this, I need to
             look more carefully at both "solutions"
            Nicholas forwarded a multi-line patch.
            Robert Evans has a 1 line patch.

B5:  XBITHACK not honored on (!--#include--)ed files
vote: 0    (I've looked at it, but didn't think while looking)

B6:  access files written w/o O_APPEND
vote: 0    (I haven't seen any code for this yet)

B7:  Allow directive redundant
vote: +1   (if that's in "patch.allow_then_deny")
vote: 0    (otherwsie)

B8:  numeric UID fails unless UID in passwd file
vote: 0    (haven't seen code)

P9:  initgroups() done once per connection
vote: +1   

P10: MIME headers read 1 character at a time
vote: 0    (haven't seen code)

P11: open_locale() and tzset() done once per connect
vote: +1 

P12: Shared-memory name server cache
vote: -1   (couldn't compile it on HP-UX)

P14: DBM-based user databases for HTTP authentication
vote: 0    (haven't seen code)

E15: add new CGI variables
vote: -1   (need to discuss consequences on CGI spec)

E16: Allow any URL to invoke a script
vote: 0    (haven't seen the code)
vote: -1   (if it isn't a compile time option)

B17: raise queue size in listen()
vote: -1   (there are kernel issues here, I have no argument with
             the patch, but I'd like to see it more portable first)

B18: Status; 302 should work, and doesn't
vote: +1

B19: Embedded blanks in headers don't work
vote: 0    (haven't seen the code)

E20: Add multi-homed server support
vote: 0   (haven't seen the code)

O21: 'Timeout' config setting missing from httpd.conf
vote: 0   (trivial)

B22:  Fix another stack scribbling hole
vote: 0   (haven't seen the code)

B23:  AddType for *.cgi, *.shtml won't work in .htaccess
vote: 0   (haven't seen the code)

E24:  Adds content-type negotiation
vote: -1  (still under development)

E25:  Custom error responses
vote: +1


         
If I've said "I haven't seen the code" that doesn't mean it
doesn't exist, it's proabably not obvious which patch this
refers to - we need the patch number in the filenames.

If this voting scheme makes sense, lets use it to filter out
the stuff we're happy with.
A "-1" vote should veto any patch. There seems to be about 6 or
7 of us activly commenting on patches, so I'd suggest that
once a patch gets a vote of +4 (with no vetos), we can add it
to an alpha.


rob

Mime
View raw message