httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Leif W" <>
Subject Re: UNIX MPMs [ot?]
Date Thu, 10 Feb 2005 16:54:01 GMT
> "Sander Striker" <>; 2005-02-10@09:35 GMT-5
>> From: Leif W []
>> Sent: Thursday, February 10, 2005 3:10 PM
>> things which might commonly be used in concert?  Is there any 
>> "direction" given
>> from "the top" of the Apache group in regards to what gets attention?
> No, there is not.  The committers are free to work on what they want.

Ok, just wasn't sure how the ASF worked, some combination of directed 
and volunteer effort or something.  Not "do this or else" strict 
direction, but "please focus energy here if you can", a laidback 

>> In the message on the suPHP list, it is implied that there is in 
>> general a
>> mentality that security is not a priority
> Given the way we handle security issues I don't think this remark will 
> hold water.

That's quoted out of context.  Security holes get prompt attention.  I 
was referring specifically to security as presented by perchild, as 
noted in the parenthisized expression below which was part of the same 
sentence.  Sorry if my wording misconstrued the point.

>> (at least regarding setuid per request as perchild MPM would like to 
>> do),
> Apparently there are a lot of people with the itch, but nobody 
> scratching it.


> Well, we are volunteers you know ;).  I'm sure you could find someone 
> to work
> on perchild on a contract basis, making your itch (one of) the 
> developers itch.
> Or even an external party who would submit patches.

I'd be more than happy to scratch this itch, but I haven't the coding 
ability or speed, testing environment, resources or time right now.  I'd 
do it for the fee of training me how to do it.  :p  I'll need to consult 
the reference manuals.  If I had financial resources I'd use them to 
encourage itches like this to be scratched, because when admin get burnt 
out over a missing feature, I'd like to give back that enthusiasm and 
fun and peace of mind.  Coding is hard work and people deserve something 
for the time, even if enjoyment of the coding effort is usually enough. 
FWIW, I try to payback to this specific in the only way I can, by 
helping on the users list, and occasionally try to submit simpler code 
to other projects.

> Well, what is vital depends on context.  Apparently it isn't as vital, 
> since
> 2.x is certainly used without this vital mpm.
> Agreed, it would be very nice to see perchild development picked up 
> again.  Or
> metux integrated in the main distro (it'd need review and all that, 
> and ofcourse
> desire from the metux developers to do so).  For me personally, it 
> isn't a big
> enough itch to start scratching it.  Proxy and caching are a lot 
> higher on my
> personal agenda.  As are some other features I still am desperately 
> seeking the
> time for to work on.

There may be a discrepancy between what developers in general consensus 
think is vital, what is vital to individual developers, what admin think 
is vital, or people of different platforms, or what combinations of 
technologies are being used in concert.  I'm thinking vital in terms of 
a common problem which many experience, for whom various workarounds do 
not work that well.

To that end I am just curious about what it takes to have something of 
that magnitude eventually committed.  If no developers are currently 
interested in a topic, who reviews it?  What if someone applies to be a 
developer and says this is vital to them and a portion of the user base? 
Wether RTC or CTR, some patches of a lesser magnitude (affecting only 
one module for instance) seem to fly right through, yet other patches 
hang around a long time.  I am just curious if "status quo" vs. "who you 
know" plays any part in the process.  If so then it has to be planned 
for and addressed by anyone attempting to make a contribution.  I'm not 
so good figuring this stuff out, so that's why I ask.

> The problem is that you drag in the *nix vs Windows argument.  Why do 
> we need
> to bother with that at all?

Hmm, sorry, I didn't even see that happening.  I did not feel like I was 
requesting a discussion of the A vs. B, but it maybe opened the wrong 
door, and I'm sorry for that.  I mentioned something about A and B, 
thought that it might be mistaken for an argument of pro A con B, and 
stated that I didn't wish to discuss it in that context, and hoped that 
would be enough.  The initial discussion was presented to me as perchild 
mpm (security) vs winnt mpm (portability), so my initial thoughts were 
along that line.  But as I indicated, I considered the possibility that 
it was just a coincidence of events, not a directed intent.  If I say I 
prefer A to B, is that wrong?  IMO no, because I did not ask anyone to 
agree, nor ask their opinion, nor tell anyone what to prefer.  You don't 
have to talk about that then.  :-)  I am not arguing for or against an 
OS.  I just mentioned the three as the OSes to which I have had access, 
and experience, and to which platform some 3rd party solutions to 
setuid/setgid (perorphan?) are available and some are not.  Of course 
I'd like a portable solution.

Anyways, thanks to everyone for explaining this better.


View raw message