Return-Path: 
 <dev-return-69281-apmail-httpd-dev-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-dev-archive@www.apache.org
Received: (qmail 7755 invoked from network); 25 Aug 2010 05:49:36 -0000
Received: from unknown (HELO mail.apache.org) (140.211.11.3)
  by 140.211.11.9 with SMTP; 25 Aug 2010 05:49:36 -0000
Received: (qmail 24090 invoked by uid 500); 25 Aug 2010 05:49:36 -0000
Delivered-To: apmail-httpd-dev-archive@httpd.apache.org
Received: (qmail 23535 invoked by uid 500); 25 Aug 2010 05:49:33 -0000
Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
list-help: <mailto:dev-help@httpd.apache.org>
list-unsubscribe: <mailto:dev-unsubscribe@httpd.apache.org>
List-Post: <mailto:dev@httpd.apache.org>
List-Id: <dev.httpd.apache.org>
Delivered-To: mailing list dev@httpd.apache.org
Received: (qmail 23525 invoked by uid 99); 25 Aug 2010 05:49:32 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 25 Aug 2010 05:49:32 +0000
X-ASF-Spam-Status: No, hits=-2000.0 required=10.0
	tests=ALL_TRUSTED
X-Spam-Check-By: apache.org
Received: from [140.211.11.9] (HELO minotaur.apache.org) (140.211.11.9)
    by apache.org (qpsmtpd/0.29) with SMTP; Wed, 25 Aug 2010 05:49:31 +0000
Received: (qmail 7673 invoked by uid 2161); 25 Aug 2010 05:49:11 -0000
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by euler.heimnetz.de (Postfix) with ESMTP id BB8B124044
	for <dev@httpd.apache.org>; Wed, 25 Aug 2010 07:50:11 +0200 (CEST)
Message-ID: <4C74AF13.1080503@apache.org>
Date: Wed, 25 Aug 2010 07:50:11 +0200
From: Ruediger Pluem <rpluem@apache.org>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US;
 rv:1.8.1.24) Gecko/20100301 SeaMonkey/1.1.19
MIME-Version: 1.0
To: dev@httpd.apache.org
Subject: Re: [PRERELEASE TARBALLS] httpd-2.3.8
References: <9D9E9DAC-D89C-45F5-85A5-CE3EBC4B2BB6@jaguNET.com>
	<4C7441D3.4060601@apache.org>
 <AANLkTinQ1g5GAXJtnzksFe7NEa29gNuCM1GVsv_v+M7-@mail.gmail.com>
In-Reply-To: <AANLkTinQ1g5GAXJtnzksFe7NEa29gNuCM1GVsv_v+M7-@mail.gmail.com>
X-Enigmail-Version: 0.95.7
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit



On 08/25/2010 12:29 AM, Paul Querna wrote:
> On Tue, Aug 24, 2010 at 3:04 PM, Guenter Knauf <fuankg@apache.org> wrote:
>> Hi all,
>> Am 24.08.2010 18:42, schrieb Jim Jagielski:
>>> The pre-release test tarballs for httpd-2.3.8 (alpha) are
>>> available for download, test and fun:
>>>
>>>        http://httpd.apache.org/dev/dist/
>>>
>>> Will call for a release vote in a coupla days...
>> I know that this topic was already up here, but nevertheless I think we
>> should re-think about including PCRE again.
>> Other than openssl or zlib PCRE is a mandatory dependency like APR/APU, and
>> I see no benefit in dropping it from our dependencies deliveries other than
>> making tarballs smaller, and that is nowadays certainly not an issue
>> anymore.
>> We want Apache to build form source on at many platforms as possible - sure
>> the main target is Linux / Unix, but we have a couple of other platforms
>> where PCRE is not installed by default, that are at least Win32, NetWare,
>> most likely OS/2, and probably a couple of others too.
>> I tried to build 2.3.7 already for NetWare and Win32, and while NetWare went
>> fine only because I have an (self) adapted makefile (from previous times
>> when we shipped PCRE), the Win32 stuff is horrible: there comes some
>> suggestion up that I should build PCRE with CMake with xxx option; 1st I
>> have to download CMake and depend on another build tool (ok, not that big
>> issue), but whats even more worse is that the CMake build failed for me, and
>> thats really bad - you cant just go and build httpd as you do on Linux, no!
>> Your build process is always interupted, and probably as in my case finally
>> broken at all.
>> Hey, friends, we do much better with 2.2.x where we ship PCRE: we have our
>> own makefile, and the build goes through in one go without need for other
>> tools like CMake - just the compiler and probably a platform PDK are enough
>> (and thats how it shoud be).
>> Therefore I want to start a vote here again where we vote for including PCRE
>> again with the dependencies - just as we (now) do with APR/APU;
>> and everyone who votes against should give some good reasons what speaks
>> against -- the fact that every Linux comes with PCRE is certainly no good
>> reason - it only leads finally to the fact that we might end up with 50
>> builds of httpd 2.after-2.x with different PCE versions which makes then
>> nice bug hunting, and we cant even tell someone who faces a prob to 'use our
>> shipping PCRE which is known to be good'.
>>
>> Here we go:
>>
>> [ ] YES - include recent PCRE again with dependencies (means we
>>    create a PCRE repo in svn, check in a recent version, and add
>>    platform-dependent makefiles which are fully integrated into
>>    main build process).
>>
>> [ ] NO - dont include PCRE (as currently) because of reason: ...
>>
>  [X] NO:
> 
> There are 3-5 PCRE releases per year[1], and as a project our history
> of staying up to date (including security and just bug fixes) was
> generally pretty bad.  Bundling our own PCRE is a security risk best
> managed by operating system vendors who take care of backporting
> patches to 4 year old versions, as an upstream I see very little value
> in maintaining PCRE in tree, and plenty of risks.
> 
> It seems to enable porting on other platforms, we could make a shell
> script that downloaded PCRE and any other dependencies like it
> (OpenSSL?), but I don't believe this has a place in the main
> distribution tarball.

Very valid reasons and I am as a 'Unix' guy not hurt that much by the stopped
bundling of PCRE. OTOH there seems to be a real problem on Netware and
Windows and we might should spend some time in providing better build
instructions / scripts how to get PCRE build easily on Windows / Netware.

Regards

Rüdiger