httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Querna <>
Subject Re: [VOTE] 2.1.3 as beta
Date Mon, 07 Mar 2005 16:21:47 GMT
William A. Rowe, Jr. wrote:
> At 07:22 AM 3/6/2005, Sander Striker wrote:
>>I assume we are in agreement that the current AAA discussion shouldn't
>>hold up moving to 2.2 either.
> Absolutely it does.  Either 2.1-dev has made implementing this 
> worse (my essentially workable proposal for 2.0 would no longer 
> work at all, with no workaround) or 2.1-dev has made implementing
> such a feature possible, even trivial, even if it's not part of
> the httpd-2.2 core.  Suggesting we push out 2.2 'as is, whatever'
> would be like having shoved out either Ryan's or Greg's original
> filter stack without the group coming to concensus (and best of
> breed solution.)
> I'm not saying we need to have this module.  I'm asking if our
> new auth framework is worse or better than yesterday's for folks
> to build upon it.

I disagree. The current authentication in 2.1 is far far better than 
what 2.0 has.  I have been using it in production variations for over 2 
years now.  Just the ability to use any authentication backend with 
Digest is a huge improvement.

> I'm sensing from comments that we've created a more complex
> structure which is harder to work with, but might not quite solve
> real world problems.  If that's true (I'm +/-0 on deciding until
> I work this into 2.1-dev auth) then I'm one -1 on 2.2.0.

This whole discussion is about a feature that has never existed before, 
and there isn't a patch for it yet.

I believe the best method is to attack it at the point of least work, 
and if it ends up being good, look at extending it to everything.

I think it should be hacked into mod_authnz_ldap, and if it works, then 
work can be done to generalize it to all the authnz modules.  Right now 
we really don't know what is required to get it done.  It is all just 
mailing list talk and theory.

I do not believe it is appropriate to threaten a -1 veto on 2.2.0 for 
this issue.  Its not a regression, its not something we have a patch 
for, its something that didn't exist a week ago.

> The point to 2.2 is we are doing things that 2.0 couldn't.  Either
> we have added such things well, or poorly.  Only alphas in the
> hands of module authors tell us the answer to this.  [For that
> matter, something somewhere needs to attract our module community
> to investigate, I don't think we successfully have engaged them.  
> Not even some high level "what's changed" exists today other than
> good old CHANGES.txt.]

Alphas are generally worthless, as they are currently released, imho. 
We need to get to 'beta' and put it on our front page, get slashdotted, 
and send out announcement emails.

> That said - -nothing- should ever hold up 2.1.x alpha anytime
> someone has the energy to run with the ball!

I am discouraged from trying to RM one, just from the knowledge that it 
will get a -1 veto, before I even roll it.


View raw message