httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Covener <cove...@gmail.com>
Subject Re: [VOTE] Release Apache httpd 2.4.14 as GA
Date Fri, 12 Jun 2015 16:57:27 GMT
There seems to be a 2.4.8 component and an actual 2.4.13 component. Did the
2.4.13 fix make it more frequent?

On Fri, Jun 12, 2015 at 12:49 PM Jeff Trawick <trawick@gmail.com> wrote:

> On Fri, Jun 12, 2015 at 12:35 PM, Jacob Perkins <jacob.perkins@cpanel.net>
> wrote:
>
>> +1 to Noels comments.  We have a ton of servers running Apache 2.4 with
>> our control panel.  Doing this in a point release will cause us to have to
>> change our product instead of doing a regular Apache release.
>>
>> When you have a server with 10k+ SSL vhosts, this can cause massive,
>> unexpected problems. I have a feeling that this will cause massive
>> headaches with all those running Apache 2.4.
>>
>
> Thanks to Noel's comments, we have dropped this to one message at a
> quieter log level for the next 2.4.x release, and we can assist with a tiny
> patch to any recent 2.4.x.
>
> It doesn't make sense for us to hold up a release when that change has
> been in the last several releases however.  (That's a high barrier for
> making progress.)
>
> Make sense?
>
>
> —
>> Jacob Perkins
>> Product Owner
>> *cPanel Inc.*
>>
>> jacob.perkins@cpanel.net
>> Office:  713-529-0800 x 4046
>> Cell:  713-560-8655
>>
>> On Jun 11, 2015, at 8:37 PM, Noel Butler <noel.butler@ausics.net> wrote:
>>
>> On 12/06/2015 00:08, Jim Jagielski wrote:
>>
>>
>> I'm calling a VOTE on releasing these as Apache httpd 2.4.14 GA.
>>
>> [ ] +1: Good to go
>> [ ] +0: meh
>> [ ] -1: Danger Will Robinson. And why.
>>
>> -1
>>
>> "The SSLCertificateChainFile directive () is deprecated,
>> SSLCertificateFile should be used instead"
>>
>> The constant warnings on start, stop, and even reload for every single
>> SSL host is unacceptable.
>>
>> This should never have been contemplated for a "point" release anyway.
>>
>> Clearly no consideration has been given to the headaches and collateral
>> damage this will cause, some hosts have tens of thousands of SSL hosts,
>> even a server reload will flood the hell out of them, most system/CP
>> scripts look for a specific, or no output, after reload, this results in
>> unexpected output and will trigger alarms, likely causing many systems to
>> think " oh there was a problem adding this host, so I wont continue adding
>> them into anything else and fail the entire new customer process" again,
>> creating serious problems for those required to maintain these things.
>>
>>
>> It might be fine and dandy for a stand alone single SSL host server that
>> is manually managed, but dont forget many hosts run up to 2+K hosts on a
>> single server with many of them SSL, that is a lot of change when you have
>> a server room half full of them, not to mention any inhouse scripting or
>> control panels that will need to be modified to cater for such changes to
>> create the new certs and deal with it all.
>>
>>
>> I for one will not place this release on any production servers. My
>> recommendation is that chainfile remain as it is - at the very least for
>> the 2.4 series, and if it is not enough to stop or delay this release to
>> revert, then I sincerely hope it is changed in trunk for the next.
>>
>>
>>
>>
>
>
> --
> Born in Roswell... married an alien...
> http://emptyhammock.com/
>
>

Mime
View raw message