httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Noel Butler <>
Subject Re: [VOTE] Release Apache httpd 2.4.0
Date Thu, 19 Jan 2012 11:01:59 GMT
On Wed, 2012-01-18 at 14:12 +0200, Graham Leggett wrote:

> > This never was a problem in 2.2, if one disabled dav it was disabled, as it should
be disabled, fully, not only in parts, here and there, granted it's now changed because modules
are no longer defaulted to statically built, but plenty of admins will use this method, I
also favour it (heh, obviously since I found it), so if the option to revert to old method
is offered as it is via --enable-mods-static=all, then if someone disables a specific mod
like dav (which some security type scanners suggest), it should be fully disabled and the
build should succeed.
> This was and still is a problem in v2.2 for mod_proxy, and a number of other modules.
If you turn mod_proxy off, you'll have the build fail caused by mod_proxy_http and friends.
I looked at fixing this recently and discovered this was a massive job, one for the timescales
given by v2.6, not v2.4.
> What modules should be doing is using the optional functions API, and changing this requires
an MMN bump, so cannot be done during the lifetime of v2.4. While unfortunate, this isn't
a showstopper.

Regardless, if it did not fail a build in 2.2, it should not fail a
build on 2.4
Therefore I regard this as a serious bug, as for a show stopper, I have
no say on that, but I know what I'd be marking it as.


View raw message