Here are my votes for the current patch list shown at
http://www.hyperreal.com/httpd/patchgen/list.cgi
I'll use a vote of
-1 have a problem with it
0 haven't tested it yet (failed to understand it or whatever)
+1 tried it, liked it, have no problem with it.
B1: The stack-scribbling security hole
vote: +1 (when used with David's config mallocs)
-1 (when used without " " ")
B2: SO_LINGER set on client sockets
vote: +1 (I didn't know what the problem was, but I'm happy with
the explanations I've seen)
B3: Server always pauses 3 seconds for scripts
vote: -1 (this patch is redundant)
B4: <!--#config timefmt --> server-side include doesn't always take
vote: -1 (I've seen conflicting patches for this, I need to
look more carefully at both "solutions"
Nicholas forwarded a multi-line patch.
Robert Evans has a 1 line patch.
B5: XBITHACK not honored on (!--#include--)ed files
vote: 0 (I've looked at it, but didn't think while looking)
B6: access files written w/o O_APPEND
vote: 0 (I haven't seen any code for this yet)
B7: Allow directive redundant
vote: +1 (if that's in "patch.allow_then_deny")
vote: 0 (otherwsie)
B8: numeric UID fails unless UID in passwd file
vote: 0 (haven't seen code)
P9: initgroups() done once per connection
vote: +1
P10: MIME headers read 1 character at a time
vote: 0 (haven't seen code)
P11: open_locale() and tzset() done once per connect
vote: +1
P12: Shared-memory name server cache
vote: -1 (couldn't compile it on HP-UX)
P14: DBM-based user databases for HTTP authentication
vote: 0 (haven't seen code)
E15: add new CGI variables
vote: -1 (need to discuss consequences on CGI spec)
E16: Allow any URL to invoke a script
vote: 0 (haven't seen the code)
vote: -1 (if it isn't a compile time option)
B17: raise queue size in listen()
vote: -1 (there are kernel issues here, I have no argument with
the patch, but I'd like to see it more portable first)
B18: Status; 302 should work, and doesn't
vote: +1
B19: Embedded blanks in headers don't work
vote: 0 (haven't seen the code)
E20: Add multi-homed server support
vote: 0 (haven't seen the code)
O21: 'Timeout' config setting missing from httpd.conf
vote: 0 (trivial)
B22: Fix another stack scribbling hole
vote: 0 (haven't seen the code)
B23: AddType for *.cgi, *.shtml won't work in .htaccess
vote: 0 (haven't seen the code)
E24: Adds content-type negotiation
vote: -1 (still under development)
E25: Custom error responses
vote: +1
If I've said "I haven't seen the code" that doesn't mean it
doesn't exist, it's proabably not obvious which patch this
refers to - we need the patch number in the filenames.
If this voting scheme makes sense, lets use it to filter out
the stuff we're happy with.
A "-1" vote should veto any patch. There seems to be about 6 or
7 of us activly commenting on patches, so I'd suggest that
once a patch gets a vote of +4 (with no vetos), we can add it
to an alpha.
rob
|