httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <>
Subject Re: Auth: Start the httpd-2.1 branch finally?
Date Sun, 13 Oct 2002 21:57:37 GMT
At 04:36 PM 10/13/2002, Justin Erenkrantz wrote:
>--On Sunday, October 13, 2002 3:59 AM -0700 Greg Stein <> wrote:
>>There were some directive changes, and certainly some different
>>modules to load, but nothing in the API department. Moreover, I
>>think we can deal with the directives and create some kind of
>>backwards-compat stuff. It is just that I'm not entirely sure what
>>got dropped and added yet. The modules are a bit tougher. We could
>>potentially fix it with hacks to the module loading stuff to key
>>off the old names and load the new stuff, but that just feels
>My belief is that the only change is in the *Authoritative directives - we're now more
granular as we can selectively control authoritativeness on authn and authz modules.  There
are also some gotchas on the LoadModule lines, but, like you, I'm not really sure what we
can do about that.  I think the best thing to do is to document the module renames.

I challenge you to do so; document both the old and the new so that

clearly documents both the pre-new-auth and post-new-auth.  I'm presuming
it can't be done -well-, because it hasn't been done.  I grappled with the idea
this weekend and surrendered.  That's when I revisited my original vote to 
implement this in 2.1 ... like FirstBill offered, I too should have hollered louder.
But no users have been harmed, and the code will go in (to 2.0 or 2.1).

The fact that we don't know what to do about it speaks volumes as to how
difficult this is, and how ill advised this restructuring is for 2.0.

Of course we can announce to the world "Hey, we were kidding, 2.0 wasn't
GA quality, but now it is, and 2.0.47 is the real GA release."  [I'm being
tongue in cheek here, I believe along with many developers that 2.0 was as
ready for GA as it was ever going to be.  We couldn't begin to track down 
the obscure bits without some adopters telling us exactly what was wrong.]

>And, solutions like adding back mod_access or mod_auth can't work since we do not allow
modules to share directives - therefore, there will be confusion internally about which modules
should handle the authorization when both are loaded.  That's badness.  -- justin

Of course not.  Either the revamped auth goes it, or it's reverted. I agree
it's too difficult to have both.


View raw message