Return-Path: owner-new-httpd
Received: by taz.hyperreal.com (8.6.10/8.6.5) id AAA16391; Sat, 18 Mar 1995 00:11:06 -0800
Received: from paris.ics.uci.edu by taz.hyperreal.com (8.6.10/8.6.5) with SMTP id AAA16381; Sat, 18 Mar 1995 00:11:00 -0800
Received: from avron.ics.uci.edu by paris.ics.uci.edu id aa19988; 18 Mar 95 0:00 PST
To: new-httpd@hyperreal.com
Subject: Re: patch list vote
In-reply-to: Your message of "Fri, 17 Mar 1995 11:12:47 PST."
Date: Sat, 18 Mar 1995 00:00:38 -0800
From: "Roy T. Fielding"
Message-ID: <9503180000.aa19988@paris.ics.uci.edu>
Sender: owner-new-httpd@hyperreal.com
Precedence: bulk
Reply-To: new-httpd@hyperreal.com

Here are my votes. All the ones marked +1 (yes) have been tested by
applying them in the following order:

    B35, B06, B33, B34, P11, B17

The order probably doesn't matter, but that's how I applied them.
The patched build was then run successfully, but no fancy tests were run.

Anything marked "patch?" means I could not find the patch at hyperreal.
"I don't use it" means I have no use for the patch and would not be able
to test it.

NOTE: A patch is only valid if it can be downloaded as one file and
applied via the command

    patch < patchfile.txt

in the httpd/src directory.

==================================================================
Vote Patch Description

 0  B1   Submitter : CERT/cliffs@organic.com                     Big hammer
         Status : verified                                       wrong nail
         Priority : 2
         The stack-scribbling security hole

 0  B2   Submitter : rst@ai.mt.edu/rst@ai.mt.edu                 patch?
         Status : invote
         Priority : 3
         SO_LINGER set on client sockets

-1  B3   Submitter : unknown/
         Status : rejected
         Priority : 4
         Server always pauses 3 seconds for scripts

 0  B4   Submitter : unknown/                                    I don't
         Status : accepted                                       use it
         Priority : 3
         < timefmt --> does not always take

 0  B5   Submitter : andrew@www.elsevier.co.uk                   I don't
         Status : invote                                         use it
         Priority : 3
         XBITHACK not honored on (!--#include--)ed files

+1  B6   Submitter : fielding@ics.uci.edu/fielding@ics.uci.edu
         Status : invote
         Priority : 3
         access_log open and write instead of stdio

 0  B7   Submitter : unknown/                                    patch?
         Status : invote
         Priority : 3
         Allow directive redundant

 0  B8   Submitter : unknown/                                    patch?
         Status : invote
         Priority : 3
         numeric UID fails unless UID in passwd file

 0  P9   Submitter : unknown/                                    patch?
         Status : accepted
         Priority : 3
         initgroups() done once per connection

 0  P10  Submitter : unknown/                                    patch?
         Status : invote
         Priority : 3
         MIME headers read 1 character at a time

+1  P11  Submitter : rst@ai.mit.edu/rst@ai.mit.edu
         Status : invote
         Priority : 3
         open_locale() and tzset() done once per connect

 0  P12  Submitter : unknown/                                    risky
         Status : invote
         Priority : 5
         Shared-memory name server cache

 0  P14  Submitter : brian@hyperreal.com/brian@hyperreal.com     I don't
         Status : accepted                                       use it
         Priority : 3
         DBM-based user databases for HTTP authentication

 0  E15  Submitter : brian@hyperreal.com/brian@hyperreal.com     patch?
         Status : invote
         Priority : 3
         add new CGI variables

 0  E16  Submitter : unknown/                                    patch?
         Status : invote
         Priority : 4
         Allow any URL to invoke a script

+1  B17  Submitter : rst@ai.mit.edu/rst@ai.mit.edu
         Status : invote
         Priority : 3
         raise queue size in listen()

-1  B18  Submitter : rst@ai.mit.edu/rst@ai.mit.edu               BAD PATCH
         Status : received
         Priority : 3
         Status: 302 should work, and doesn't

 0  B19  Submitter : rst@ai.mit.edu/rst@ai.mit.edu               patch?
         Status : dispatched
         Priority : 4
         Embedded blanks in headers don't work

 0  E20  Submitter : randy@zyzzyva.com/cliffs@organic.com        patch?
         Status : invote
         Priority : 4
         Add multi-homed server support

 0  O21  Submitter : hartill@lanl.gov/                           patch?
         Status :
         Priority : 5
         'Timeout' config setting missing from httpd.conf

-1  B22  Submitter : drtr@ast.cam.ac.uk/                         Incomplete
         Status :
         Priority : %
         Fix another stack scribbling hole

         B22 does not solve the problem of overflows -- it should
         forcefully truncate strings prior to substitution rather
         than just include warnings.

+1  B23  Submitter : rst@ai.mit.edu/
         Status :
         Priority : 3
         AddType for *.cgi, *.shtml won't work in .htaccess

 0  E24  Submitter : rst@ai.mit.edu/                             Too soon
         Status :
         Priority : 4
         Adds content-type negotiation

-1  E25  Submitter : brian@hyperreal.com/                        wrong
         Status : dispatched                                     approach
         Priority : 4
         custom error messages

         E25 does not allow the custom error messages to know the
         important elements of the message (like the err_string)
         which tell the user where to go or what they requested.
         A header file-based approach (with %s marking where the
         err_string should be included) would be better.

-1  E26  Submitter : hartill@lanl.gov/                           DUPLICATE
         Status :                                                of E25
         Priority : 5
         Allows files holding custom http error responses

-1  B27  Submitter : rst@ai.mit.edu/                             FAILED
         Status :
         Priority : 4
         patch B23) doesn't work with XBITHACK

-1  B28  Submitter : rst@ai.mit.edu/                             DUPLICATE
         Status :                                                of B27
         Priority : 4
         B23 doesn't work with the XBITHACK

-1  B29  Submitter : rst@ai.mit.edu/                             DUPLICATE
         Status :                                                of B27
         Priority : 4
         B23) doesn't work with the XBITHACK

 0  E30  Submitter : fielding@ics.uci.edu/fielding@ics.uci.edu   Too soon
         Status : invote
         Priority : 5
         Add logging of Referer and User-Agent to error_log

 0  E31  Submitter : hartill@lanl.gov/                           patch?
         Status : dispatched
         Priority : 5
         custom access (and error ?) logging

+1  B33  Submitter : fielding@ics.uci.edu/fielding@ics.uci.edu
         Status : invote
         Priority : 3
         Remove MIME-version header from responses

+1  B34  Submitter : fielding@ics.uci.edu/fielding@ics.uci.edu
         Status : invote
         Priority : 3
         Adds slash to FancyIndexing parent directory URL

+1  B35  Submitter : fielding@ics.uci.edu/fielding@ics.uci.edu
         Status : invote
         Priority : 3
         Changes to new HTTP/1.0 date format

 0  O36  Submitter : randy@zyzzyva.com/                          patch?
         Status :
         Priority : 4
         Code cleanup and portability changes

-1  E37  Submitter : hartill@lanl.gov/                           NOT A PATCH
         Status :
         Priority : 5
         Allow connections to be rejected if high load av.

==================================================================

That's all,

.......Roy