httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Trawick <traw...@gmail.com>
Subject Re: svn commit: r996719 - /httpd/httpd/branches/2.0.x/STATUS
Date Mon, 13 Sep 2010 23:27:15 GMT
On Mon, Sep 13, 2010 at 7:03 PM, <wrowe@apache.org> wrote:

> Author: wrowe
> Date: Mon Sep 13 23:03:47 2010
> New Revision: 996719
>
> URL: http://svn.apache.org/viewvc?rev=996719&view=rev
> Log:
> Promote, demote. Please look at this specific patch if you care that it
> just hit the 'going nowhere' category
>
> Modified:
>    httpd/httpd/branches/2.0.x/STATUS
>
> Modified: httpd/httpd/branches/2.0.x/STATUS
> URL:
> http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/STATUS?rev=996719&r1=996718&r2=996719&view=diff
>
> ==============================================================================
> --- httpd/httpd/branches/2.0.x/STATUS (original)
> +++ httpd/httpd/branches/2.0.x/STATUS Mon Sep 13 23:03:47 2010
>
> +PATCHES TO BACKPORT THAT ARE ON HOLD OR NOT GOING ANYWHERE SOON:
> +
>   * CVE-2010-1452 fix for mod_dav
>     Trunk patch:
> http://svn.apache.org/viewvc?view=revision&revision=966348
>       (mod_cache and mod_session portions don't apply to 2.0.x)
>     2.0.x patch:
> http://archive.apache.org/dist/httpd/patches/apply_to_2.0.63/CVE-2010-1452-patch-2.0.txt
> -
> -PATCHES TO BACKPORT THAT ARE ON HOLD OR NOT GOING ANYWHERE SOON:
> +    wrowe observes: nothing belongs in STATUS without a
> champion/sponsor/at least 1 +1
>

I've seen you and somebody else say that, so I'll stop.  At the same time I
will point out that

* Sometimes people without commit access ask for something to be backported,
possibly even with a patch to STATUS.  Where better for the request to live
a couple of days down the calendar when the request has scrolled off the
first screen of most in-boxes?

* Updating STATUS and finding a place to host a patch for a security
backport, even before reviewing/testing it properly, serves as a good
reminder that something needs to be done and gets a bit of bookkeeping out
of the way.  Additionally, multiples of us have already reviewed and tested
patches for backport to our own private trees and know exactly what should
work.  One could just as well ask on dev@ "Hey, is it really this simple for
2.0" or whatever, or cut to the chase and update STATUS since it has to be
there anyway.

For this particular 2.0 patch, it should have been reviewed at about the
same time (I'll punt on the sequencing) that it was put in the official
patches directory.  Rather than raising the issue in the couple of minutes I
had, it was easier to just say, in the canonical way, "uh, who agrees that
this is the right patch so we can get svn to match what we're telling people
to use".

Mime
View raw message