Received: by taz.hyperreal.com (8.8.4/V2.0) id XAA10442;
 Sun, 16 Feb 1997 23:02:03 -0800 (PST)
Received: from paris.ics.uci.edu by taz.hyperreal.com (8.8.4/V2.0) with SMTP
 id XAA10328; Sun, 16 Feb 1997 23:01:52 -0800 (PST)
Received: from kiwi.ics.uci.edu by paris.ics.uci.edu id aa05568;
          16 Feb 97 22:58 PST
To: new-httpd@hyperreal.com
Subject: Re: updated status for 1.2b7 
In-reply-to: Your message of "Sun, 16 Feb 1997 03:30:47 MST."
             <Pine.BSF.3.95.970216032958.23557f-100000@alive.znep.com>
Date: Sun, 16 Feb 1997 22:58:21 -0800
From: "Roy T. Fielding" <fielding@kiwi.ICS.UCI.EDU>
Message-ID: <9702162258.aa05568@paris.ics.uci.edu>
Sender: new-httpd-owner@apache.org
Precedence: bulk
Reply-To: new-httpd@hyperreal.com

Release-wise, I like to list what must be in the beta, what we would
like to be in the beta, and what we have decided to postpone.  The tarball
is created when all "musts" are committed and a vote is made on all the
"would likes" for which we have patches, committing those that pass,
with a deadline for votes set as soon as the "musts" are committed.
The deadline should be on the order of 36 hours away, since that gives
everyone a chance to sleep first.

>Patches ready for testing, voting:
>
>  * reduce default timeout to 300 all around
>	Status: Marc posted patch

committed

>  * warning on SunOS4, http_log.c:164, pointer from int without cast
>       Status: Marc posted patch

committed

>  * escaping '{''s in SSI has changed.  Bug?
>    Message-ID: <Pine.BSF.3.91.970203113400.925C-100000@localhost.imdb.com>
>	Status: Ben posted patch 

+1

>  * identitycheck and hostnamelookups not allowed in .htaccess but
>    documentation says they are.  Update the documentation or perhaps
>    make them work as documented.
>	Status: no one seems think we should make them work, so I
>		am proposing fixing the docs.  If someone thinks
>		the source should be fixed so it works as documented,
>		say so.

Update docs +1

>  * Roy's big fixes to main loop, lingering_close patch
>	Status: +1 Marc, Randy, Chuck, Jim

committed

>  * update bug report page to not have email form
>	Status: +1 Roy, Dean, Marc (but some changes suggested), patch
>		reposted with changes.  Needs input from people handling
>		current bug reports.
>	New status: reposted, still need input from people handling bug
>		reports via mail right now.  

Just do it -- I've lost the patch.

>  * mod_include is slow.  Marc posted an output buffering patch
>    that shouldn't help but does.
>	Status: +1 Jim, Dean
>		Rob tempted to -1: "its a feature"

committed

>  * Satisfy Any can be changed if .htaccess exists
>        If you give Satisfy Any in access.conf for a particular directory,
>        and have a .htaccess in that directory, Satisfy mode reverts
>        to Satisfy All even if the .htaccess has _no_ authentication
>        directives.
>
>	Status: Ed posted patch, +1 from Paul Sutton, Dean

Hasn't this been committed already?  I don't have the patch.

>  * Dean's reposted regex -Wall cleanup
>	Status: +1 Marc w/1 additional patch

committed

>  * Dean's rfc2068 fixes (several parts)
>	Status: Roy +1 (on only one part?)

I committed the two parts that were good, but left the handling of an
empty Allow and the redesign of TRACE for later.

>  * server can hang on HUP
>	Status: Marc posted patch, -1 Chuck because of sleep(2)... but I 
>	don't like the alternatives.

I'd like to know what affect this has on a busy server that HUPs nightly.
Perhaps using an exponential backoff with a select-based timeout in
microseconds would be better.

>  * infinite loop in mod_imap due to parsing bug
>	Status: marc posted another patch, Dean +1

committed

>  * http_request.c: directory_walk() misses some <Directory ...> directives
>    (PR#131).  I'm not sure the way things are done is really incorrect, 
>    but should be looked at.
>	Status: was actually already committed; should it have been?

committed

>  * if "options IncludesNOEXEC" set in directory, no CGI will work
>    Message-Id: <199702102302.PAA11416@taz.hyperreal.com>
>	Status: the way it should work, but not how some (including
>	Marc) want it to work.

-1, we've had the discussion before (a long time ago) about changing the
meaning of security-based options.  Besides, include virtual does work,
last time this topic came up.

>  * Solaris "accept: Too many levels of remote in path" [marc]

I've never seen this on my test machine, but I don't get external request
on it either.

>  * <!--#exec cmd="prog args\ with\ spaces"-->
>    doesn't work anymore. It passes THREE arguments
>    to prog ("args", "with" and "spaces), instead of
>    ONE argument ("args with spaces"). [eb@via.ecp.fr]  
>    Either need to use \\ or change escaping to not escape things that
>    aren't recognized as escape chars.

Ben posted patch, +1 Roy.

>  * new header_parse API hook is called too often
>       Status: RobH posted patch, had second thoughts.  He
>       suggests that mod_browser be optimised by detecting if it has been
>       called already and returning early if it has.

See also the suggestion by Doug MacEachern regarding addition of
is_main_request() test so that any module can avoid this.

>  * lingering_close generates the following error message
>      shutdown: Transport endpoint is not connected - lingering_close
>    using 1.2b6 (only a few a day).  I think this is what 
>    happens when a client disconnects during transmission, which
>    is a normal condition for web servers.  I suggest not logging
>    an error if errno == ENOTCONN.
>      Marc says that this may not be "normal", it may be if the client
>    sends a RST to terminate the connection (as per recent discussion on
>    end2end-interest) and it gets here before we get to that point in
>    lingering_close.
>       Status: no patch, waiting to see if it it improves debugging.

committed

>  * bugs in mod_negotiation (serious)
>       Status: reported by lampa@fee.vutbr.cz on Jan 6 to apache-bugs.
>               It is a very good, detailed report with patches.

Duplicate of things mentioned above, some committed (he decided to submit
PRs in addition to the Jan 6 message), so you can delete this note.

>Planning/design items:
>
>    * Should we change the default timeout of 1200?
>	Status: discussion ongoing, +1 concept Jim, Randy, Marc

committed

>    * should the bug report page be in CVS?  Should it be in the htdocs
>      tree or a seperate place?  Should it be distributed with Apache?
>      The same holds for everything on the Apache web site.  Marc would
>      like to see it all in CVS, but not necessarily distributed
>      with Apache.

It would be nice if all of the non-archive parts of the project tree 
were in a separate cvs module -- it would sure make updating Hyperreal
a lot easier (and safer).

>    * should perhaps start to think about exactly how we want to 
>      handle contrib patches/programs in 1.2.  Directory on the web site?  
>      Include in distribution?

We'll have plenty of time to do that between the last clean beta and
1.2final.

I think that the only two must-do fixes left are the byteranges fix
and the tiny-change patch I posted.  All the rest are less important
than getting a new beta out to the testers.

.....Roy