httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sander Striker" <>
Subject RE: cvs commit: httpd-2.0 acinclude.m4
Date Sat, 10 Aug 2002 08:33:06 GMT
> From: William A. Rowe, Jr. []
> Sent: 10 August 2002 06:55

> At 08:31 PM 8/9/2002, Roy T. Fielding wrote:
>>> Cool. I believe something is better than nothing :).
>>> (I'm sure you're already aware of this - but thought it'd be better to let
>>> you know)
>>> I believe my patch went into r1.127 - and has been labelled for the 2.0.40
>>> release. So, you might want to bump the label before it's released.
>> It has already been released.  And where did the three +1 come from
>> anyway?  That is still required on the tarball (not the tag) before
>> the announcement is supposed to go out, even for security releases.
> You are absolutely correct.  Consider this my publicly recorded +1.

And that would be my second mistake this release.  Consider this my
official +1.  I can tell you that this won't happen to me a second time.
I am documenting the entire release process from start to finish
so that the RMs doing the following releases have something to guide
them through.  I'll also include some tips like 'be reluctant to
include last minute patches' and put a big fat warning in: '3 +1s
are also required for security releases'.

My first mistake has been to include the patch.  I am usually pretty
reluctant to include patches at the last minute, and I curse myself
for doing differently this time.
>> 2.0.40 will fail to compile for future releases of OpenSSL 0.9.x
>> except for those that also happen to end in e-z or are specifically
>> asked for via the --with-ssl=DIR option in configure.
>> Maybe that could go on the "known bugs" page.
> Right on the README.html page of /dist/httpd/ would be a good start.
>> I have no idea why the patch was applied just prior to the tag.

That was a [very poor] judgement call on my part.
> Must have been some security conscious over-eager attempt to
> deliver secure code, in spite of third party libraries.


> After cutting them [Madhu/Sander] much slack, I'll agree I really
> like your approach much better.  Thanks for the rational compromise
> patch, Roy.

Indeed, thanks Roy for setting me straight here.  I'll put the patch
in apply-to_2.0.40 for user convenience.  I'll also update the README.html
in dist/httpd.  I might not get around to it until tonight though :(

> Bill

Mea culpa.


View raw message