httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dirk.vanGulik" <>
Subject Re: apache-demo and mod_auth_msql.c
Date Thu, 13 Jun 1996 07:14:28 GMT
> Brian Behlendorf liltingly intones:
> > 
> > I have a question for the group.  This module is mostly the work of Dirk,
> > with comments from Vivek and of course input from the rest of us.  But to
> > be honest, most of us do not have the capability to test this ourselves,
> > since most of us don't have MSQL running ourselves.  I think I remember
> > Randy and Chuck mentioning they were using this, but I could be wrong. 
> > So, in that situation, where the usual 3 +1 votes are needed to commit
> > large changes, and our usual policy of only putting stuff in the
> > distribution which we are willing to risk CERT warnings over, are we
> > comfortable with the situation of a module with one developer and a small
> > userbase?  In this situation I am, based upon personal knowlege of Dirk
> > and his technical capabilities, but for just to keep everyone on the same
> > page I ask if this is an okay situation. 
> > 
> Clarification: I'm not using this, so I'm a +0 here. That also means I'm
> not against mod_auth_msql, and am willing to risk having to take 3-5% of
> the heat from a possible CERT advisory, given your endorsement of Dirk.

Given that all these modules are potential security holes, I still am surprized
to see *all* of them (apart from mod_auth.c) anywhere near the core releases.

How about having a separate directory with the access modules ?


View raw message