httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Igor Galić <>
Subject Re: Will mod_session_crypto be included in 2.4?
Date Tue, 28 Dec 2010 21:01:04 GMT

----- "William A. Rowe Jr." <> wrote:

> Actually, the apr_ function calls involved have not been approved for
> release,
> so I'd suggest this module is inappropriate for GA until that API is
> accepted
> (and clearly it's received minimal and insufficient review, which is
> completely
> unacceptable for a crypto interface in particular :)

I think a simple way to get more reviews is to build and put
something on-line that enough people find attractive to exploit ;)

> For example, if 2.4.0 is shipped with a call to apr_crypto_error with
> three
> arguments, when the correct API takes two arguments (ctx and err,
> dropping
> the 1st driver argument), then it will make no sense when someone
> attempts to
> actually build the module.  It seems stupid to ship such code in a GA
> release.

I'm concerned that by not shipping it, we're losing a lot
of useful functionality:
> svn rm'ing it once 2.3 is forked from trunk seems appropriate.  Adding
> it back
> when apr-util 1.4 (or apr 2) is released would be trivial.

That okay after going GA?


Igor Galić

Tel: +43 (0) 664 886 22 883

View raw message