Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
Received-SPF: pass (athena.apache.org: domain of trawick@gmail.com designates
 209.85.211.198 as permitted sender)
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type:content-transfer-encoding;
        b=mSnU2e9LePdGgk0xEIjQfyQDA1ihatYJib4F6k4qRWOoQjr2af+WoSZ/yo74xBTNLv
         bbmDlcHK2BVWZy0JZlwnEDtbtvXYmJzmz8roH+SWyp+O0H/IgGfs5HjaOfCS76U7IiCE
         RjPNGVO+X61qIky8dm5JEV+XF8yOjX0uzgC44=
MIME-Version: 1.0
In-Reply-To: <6f5b6fe71001041357g76b2b22fn93d083d22a08bf72@mail.gmail.com>
References: <6f5b6fe71001041357g76b2b22fn93d083d22a08bf72@mail.gmail.com>
Date: Tue, 5 Jan 2010 07:44:02 -0500
Message-ID: <cc67648e1001050444o31ec6461i2d27ff5f9e8ca8c8@mail.gmail.com>
Subject: Re: [VOTE] Formal deprecation of 1.3.x branch
From: Jeff Trawick <trawick@gmail.com>
To: dev@httpd.apache.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

2010/1/4 Colm MacC=E1rthaigh <colm@allcosts.net>:
> Observers of the commits list may have noticed some small cleanups to
> the 1.3.x branch earlier today. There are currently a number of
> several years-old backport/patch proposals in there too, including two
> marked as release show-stoppers (neither actually stopped the show,
> when last we had a release).
>
> I've reviewed and tested the relatively low-hanging fruit, and cleaned
> up the backport proposals to be functional patches. If you really
> really think any of those patches are important, now is a good time to
> review/test/vote!
>
> Because ... stealing an idea from wrowe@ ... how about we formally
> deprecate the 1.3.x branch? Make one more release, but attach a notice
> to the effect that it will be the final release, and that in future
> we'll be distributing security updates by other means :-)

I'd stay away from the word "deprecate."  In software, it means that
at some point in the future the user must migrate to a new
interface/feature; formal deprecation is usually announced at the
beginning of the ability to transition.  We're years past that for
1.3.  Anybody really paying attention already knows the scoop.

What we want to convince the incurious of is that

Apache HTTP Server 1.3.x
* hasn't been actively maintained for years
* is not at all suitable for use on any version of Windows
* has been replaced by Apache HTTP Server 2.x, and our only
recommended version at present is the latest 2.2.x release
* is missing numerous less-critical security fixes when compared with 2.2.x
* may not have additional fixes released in the future, and any such
fixes may be released as separate patches instead of as a full release