Received: by taz.hyperreal.com (8.6.12/8.6.5) id JAA09835;
 Thu, 15 Feb 1996 09:53:27 -0800
Received: from mauve.csi.cam.ac.uk by taz.hyperreal.com (8.6.12/8.6.5) with
 ESMTP id JAA09828; Thu, 15 Feb 1996 09:53:19 -0800
Received: from cass41.ast.cam.ac.uk by mauve.csi.cam.ac.uk
          with SMTP-CAM (XTPP8.1) as ppsw.cam.ac.uk;
          Thu, 15 Feb 1996 17:50:17 +0000
Received: from mamba.ast.cam.ac.uk
          by cass41.ast.cam.ac.uk (SMI-8.6/SMI-SVR4)	id RAA08486;
          Thu, 15 Feb 1996 17:51:48 GMT
Received: by mamba.ast.cam.ac.uk (Smail3.1.29.1 #9)	id m0tn7qN-0000kJC;
          Thu, 15 Feb 96 17:51 GMT
Message-Id: <m0tn7qN-0000kJC@mamba.ast.cam.ac.uk>
Date: Thu, 15 Feb 96 17:51 GMT
From: drtr@ast.cam.ac.uk (David Robinson)
To: new-httpd@hyperreal.com
Subject: Re: vote status
Sender: owner-new-httpd@apache.org
Precedence: bulk
Reply-To: new-httpd@hyperreal.com

Here are the rest of my votes:
23b.mmap               1
56.alias_userdir      -1

  Two reasons:
  1: There is appears to be a security hole:
       char redirect[256];
       sprintf(redirect, "%s%s%s%s", x, w, userdir, dname);
  where dname is the rest of the URL after the ~user bit
  
  2: I think the syntax is overly cumbersome:
  URL: http://myserver/~bar/one/two.html
  a. UserDir public_html      -> ~bar/public_html/one/two.html
  b. UserDir /usr/web         -> /usr/web/bar/one/two.html     
  c. UserDir /home/*/www     -> /home/bar/www/one/two.html
  
  These are ok, but
  
  d. UserDir http://x/users   -> (302) http://x/users/bar/one/two.html
  e. UserDir http://x/*/y     -> (302) http://x/bar/y/one/two.html
  
  these are too confusing. This should be provided by updating the
  Redirect syntax, to something like
  Redirect /~* http://other.com/users/
  
  Not only is it simpler, but it is also much closer to the syntax that
  NCSA die-hards are used to.

61a.preserve_redirect  1
62a.escape_html        1
66.htaccess-cache      1
68b.strftime           1
73a.mod_actions        1

  [Should this be compiled in by default, or should it be commented out of
   Configuration?]

74.icons               1
75.icons               1
77.user_name           1
78.preserve_redirect  -1

I think this breaks custom error responses for POST queries.

85.lost_conn           1
86a.scoreboard_into_l  1
90g.keepalive          0 [but I'd like to give -1]
Problems: it doesn't free memory between requests because it preserves
data from earlier requests; this is wrong as HTTP is meant to be stateless
(currently). I'm also concerned as to how it would cope with NPH scripts
and also if an error occurs for a POST requests, resulting in the supplied
data not being read.

91.config_dns          1
92.alias_htaccess      1
94a.httpd_monitor      (not tested)
97.proxy-03            1
98.errorlog            1
99b.bind               1
100d.os2_port          0
101.add_strerror_to    1
apache-msql-demo       not tested
logresolve.c           1
mod_alias_map.c       -1 for src/, 0 for contrib/ I couldn't understand what
                         it does!
mod_auth_anon.c       -1

This simply does not work for; the module always seems to decline access

mod_auth_db.c          not tested
mod_auth_msql.c        not tested, shouldn't this be in contrib/ ?
mod_cern_meta.c        0, but +1 if the compilation warning is fixed by
                       using strrchr() instead of rindex()


 David.