httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: svn commit: r230592 - in /httpd/httpd/branches/2.0.x: CHANGES STATUS modules/proxy/proxy_http.c
Date Fri, 19 Aug 2005 01:24:25 GMT
Quoting myself, and asking for -one- review...

httpd-2.0.55 is stillborn.  We will not release as-is with my
veto on trawick's backport of the http proxy request processing
changes.  Many voiced an opinion to go forward, so there is code
in a seperate branch to bring the code he backported in sync with
RFC 2616 and our current trunk/.

jimj has voiced one of our 3 +1's.  Myself included, it needs
one more +1 review, and more +'s than -'s...

At 08:34 PM 8/8/2005, William A. Rowe, Jr. wrote:

>There is no way in hell I'm refactoring now near 90 hours of work
>to make it more digestable.  This big steak I just chowed down
>on Sunday, regurgitating into tiny little digestable pieces for 
>chicks to lap up and swallow, is absolutely illustrative of what
>the hell the code should look like.  You don't like #7, Joe doesn't 
>like #3, Jeff doesn't like #13 and Jim doesn't like #10.  For that
>matter I can't even stand where it started from or how I got to the
>end.  That's fine, take each little digestable bit.  If it doesn't 
>break the code, choose to not vote or +1 it.  I don't care.  If it 
>breaks the code, give me technical justification and I'll address 
>the complaint.

If any pmc member would please review 

http://svn.apache.org/viewcvs/httpd/httpd/branches/proxy-reqbody-2.0.x/modules/proxy/proxy_http.c

from r219059-r230744, we can finally close the logjam.  AFAIK,
my employer is the only one shipping -moderately- vulnerability
free code, which is a pity since under both hats I always try 
to serve the ASF in turn with my employer, and offer no allegiance 
to one over the other.  And in fact, my employer knows nothing
of what happens in the security reaction team here until some
public announcement is made.  Sad, quite sad.

(You might also consider r171205, the vetoed change, in your 
overall evaluation).

I understand few have the patience to review the changes, and
clearly no others understand the code in the first place.  I'll
propose under separate email to eject proxy from the httpd core
project in 2.2., given that we have insufficient oversight to 
support mod_proxy, unless someone speaks pro or con on technical, 
rather than silly grammatical, formatting and procedural matters.

If you don't follow my changes, ask questions.  Questions are 
always good.  There are no embarrassing questions, only sometimes
pathetic answers :)

Bill



Mime
View raw message