httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Trawick <traw...@gmail.com>
Subject Re: [VOTE] Release Apache httpd 2.4.14 as GA
Date Fri, 12 Jun 2015 16:48:57 GMT
On Fri, Jun 12, 2015 at 12:35 PM, Jacob Perkins <jacob.perkins@cpanel.net>
wrote:

> +1 to Noels comments.  We have a ton of servers running Apache 2.4 with
> our control panel.  Doing this in a point release will cause us to have to
> change our product instead of doing a regular Apache release.
>
> When you have a server with 10k+ SSL vhosts, this can cause massive,
> unexpected problems. I have a feeling that this will cause massive
> headaches with all those running Apache 2.4.
>

Thanks to Noel's comments, we have dropped this to one message at a quieter
log level for the next 2.4.x release, and we can assist with a tiny patch
to any recent 2.4.x.

It doesn't make sense for us to hold up a release when that change has been
in the last several releases however.  (That's a high barrier for making
progress.)

Make sense?


—
> Jacob Perkins
> Product Owner
> *cPanel Inc.*
>
> jacob.perkins@cpanel.net
> Office:  713-529-0800 x 4046
> Cell:  713-560-8655
>
> On Jun 11, 2015, at 8:37 PM, Noel Butler <noel.butler@ausics.net> wrote:
>
> On 12/06/2015 00:08, Jim Jagielski wrote:
>
>
> I'm calling a VOTE on releasing these as Apache httpd 2.4.14 GA.
>
> [ ] +1: Good to go
> [ ] +0: meh
> [ ] -1: Danger Will Robinson. And why.
>
> -1
>
> "The SSLCertificateChainFile directive () is deprecated,
> SSLCertificateFile should be used instead"
>
> The constant warnings on start, stop, and even reload for every single SSL
> host is unacceptable.
>
> This should never have been contemplated for a "point" release anyway.
>
> Clearly no consideration has been given to the headaches and collateral
> damage this will cause, some hosts have tens of thousands of SSL hosts,
> even a server reload will flood the hell out of them, most system/CP
> scripts look for a specific, or no output, after reload, this results in
> unexpected output and will trigger alarms, likely causing many systems to
> think " oh there was a problem adding this host, so I wont continue adding
> them into anything else and fail the entire new customer process" again,
> creating serious problems for those required to maintain these things.
>
>
> It might be fine and dandy for a stand alone single SSL host server that
> is manually managed, but dont forget many hosts run up to 2+K hosts on a
> single server with many of them SSL, that is a lot of change when you have
> a server room half full of them, not to mention any inhouse scripting or
> control panels that will need to be modified to cater for such changes to
> create the new certs and deal with it all.
>
>
> I for one will not place this release on any production servers. My
> recommendation is that chainfile remain as it is - at the very least for
> the 2.4 series, and if it is not enough to stop or delay this release to
> revert, then I sincerely hope it is changed in trunk for the next.
>
>
>
>


-- 
Born in Roswell... married an alien...
http://emptyhammock.com/

Mime
View raw message