httpd-dev mailing list archives

From "William A. Rowe Jr." <>
Subject Re: Will mod_session_crypto be included in 2.4?
Date Tue, 28 Dec 2010 21:25:05 GMT
On 12/28/2010 3:01 PM, Igor Galić wrote:
> I think a simple way to get more reviews is to build and put
> something on-line that enough people find attractive to exploit ;)

No.  True of alpha and beta releases.  People are warned 'this just might
not do anything at all'.  That's what a pre-release is.  But you are also
incorrect because this is not a matter of exploiting, but of crafting an
interface which is actually functional, usable and conforming to the style
of the library.  apr_crypto is unproven, certainly the mod_ssl cannot be
re-factored to consume it, and the style exceptions are flagrant.

The APR project generally hasn't thrown food at the wall to see if it sticks.
Of course httpd does, and that's just fine in the context of an application,
vs. a supporting library.  There's even an httpd context for such things, we
long had a modules/experimental/ directory in the distro tarball.

General availability carries an expectation that it builds and does something
useful.  Authoring to currently invalid function prototypes is no way to win
such a battle in the long haul.  Testing for 'is this apr-util 1.4/apr 2.0?'
won't help, when those are changed to syntactically correct prototypes upon
release, e.g. the retval ptr as the first arg, pool as the last arg, etc etc.

Of course if apr_crypto never receives attention and is never released, all
of these concerns are moot.  But including that code is similarly moot, which
is my basis for disagreeing with Jim.

>> svn rm'ing it once 2.3 is forked from trunk seems appropriate.  Adding
>> it back when apr-util 1.4 (or apr 2) is released would be trivial.
> That okay after going GA?

In HTTPD it's just fine.  In APR, it would mean the bump to 2.1.  We have and
still do add modules whenever it is appropriate, by consensus of the project.
We would try like heck not to -remove- a module after 2.4 released, just to
minimize the disruption to users doing an incremental upgrade.  So, for an
example, mod_substitute was not replaced by mod_sed in the 2.2 lineage, but
would be in the 2.4 jump.
