httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Graham Leggett <>
Subject Re: [VOTE] Release Apache httpd 2.4.0
Date Wed, 18 Jan 2012 12:12:49 GMT
On 18 Jan 2012, at 4:56 AM, Noel Butler wrote:

> This never was a problem in 2.2, if one disabled dav it was disabled, as it should be
disabled, fully, not only in parts, here and there, granted it's now changed because modules
are no longer defaulted to statically built, but plenty of admins will use this method, I
also favour it (heh, obviously since I found it), so if the option to revert to old method
is offered as it is via --enable-mods-static=all, then if someone disables a specific mod
like dav (which some security type scanners suggest), it should be fully disabled and the
build should succeed.

This was and still is a problem in v2.2 for mod_proxy, and a number of other modules. If you
turn mod_proxy off, you'll have the build fail caused by mod_proxy_http and friends. I looked
at fixing this recently and discovered this was a massive job, one for the timescales given
by v2.6, not v2.4.

What modules should be doing is using the optional functions API, and changing this requires
an MMN bump, so cannot be done during the lifetime of v2.4. While unfortunate, this isn't
a showstopper.

> Without going over all docs as Tim (IIRC) and William appeared to do, the INSTALL is
the most important I think for users, the file has references to 2.3, this is 2.4, also, it
does not mention the need for the deps or apr is no longer included in the base package, these
are fundamental issues that need to be addressed, especially the later, remember, your average
apache user is NOT a coder, but a system admin, and often will little experience on doing
anything else but copy and pasting a config and make and install from a cheat sheet.

The average apache user will be installing binaries, either provided by their operating system,
or provided by us (such as the Windows binaries). The more specialised users will be building
Apache from source against system provided copies of APR. Only users with very specific requirements
will be attempting to use the deps package, and these users will be of the level that seeing
"2.3" instead of "2.4" won't be an insurmountable barrier. Again, this is unfortunate, but
not a showstopper.


View raw message