tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Chaffee <g...@edamame.stinky.com>
Subject Re: Outstanding bugs before 3.2 final?
Date Thu, 21 Sep 2000 20:37:06 GMT
On Thu, Sep 21, 2000 at 03:10:08PM -0400, Larry Isaacs wrote:
> I'll admit I may have overstepped a bit, going for a quick fix
> giving security the priority over ease of development.  I
> didn't think I had time work out a configuration parameter
> for server.xml.

It's an understandable urge, and very common, which is why
feature-freeze policies have to be applied objectively.  Even though
you consider it a bug, it's really changing existing behavior, thus a
feature change.

> IMHO, being able to easily guarantee that stack traces can't
> occur is serious enough that it should be addressed in
> Tomcat 3.2.

Again, trying to be objective:  This 'bug' hasn't hurt anyone so far,
hasn't interfered with any existing applications, and hasn't been used
to mount an attack (successful or otherwise) on any real or imaginary
Tomcat installation -- in those terms it's certainly not serious.

Let's start another thread to discuss the error-reporting behavior
(descriptive and normative) and leave this one focused on what to do
for the 3.2 release.

> So, I willing to go with the majority.  I can roll the stack
> traces back into the default handling, or continue modifications
> to add a configuration parameter to server.xml.  What is the
> feeling on this?

Please roll back changes, then we will have time to discuss where and
how the parameter should work, what it should be called, whether it
applies to logs as well as servlets as well as JSPs, and so on. 

> I would assume that Tomcat 3.2 won't get any maintenance
> releases the same as Tomcat 3.1.  I'm reluctant to just
> let Tomcat 3.2 ship because it isn't clear when Tomcat 3.3
> will be ready.  ...

This is a slippery slope and is not good enough to hold up 3.2 any
longer.

  - A

P.S. SHIP NOW

-- 
Alex Chaffee                       mailto:alex@jguru.com
jGuru - Java News and FAQs         http://www.jguru.com/alex/
Creator of Gamelan                 http://www.gamelan.com/
Founder of Purple Technology       http://www.purpletech.com/
Curator of Stinky Art Collective   http://www.stinky.com/

Mime
View raw message