Return-Path: X-Original-To: apmail-subversion-dev-archive@minotaur.apache.org Delivered-To: apmail-subversion-dev-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id BA9C8C27D for ; Mon, 3 Jun 2013 14:23:12 +0000 (UTC) Received: (qmail 26381 invoked by uid 500); 3 Jun 2013 14:23:12 -0000 Delivered-To: apmail-subversion-dev-archive@subversion.apache.org Received: (qmail 26337 invoked by uid 500); 3 Jun 2013 14:23:10 -0000 Mailing-List: contact dev-help@subversion.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@subversion.apache.org Received: (qmail 26290 invoked by uid 99); 3 Jun 2013 14:23:08 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 03 Jun 2013 14:23:08 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=5.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of cmpilato@collab.net designates 204.16.106.214 as permitted sender) Received: from [204.16.106.214] (HELO exch-smtp.collab.net) (204.16.106.214) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 03 Jun 2013 14:23:03 +0000 Received: from [192.168.1.102] (204.16.106.217) by EXCH02.sp.corp.collab.net (204.16.106.214) with Microsoft SMTP Server (TLS) id 14.1.355.2; Mon, 3 Jun 2013 07:22:43 -0700 Message-ID: <51ACA6B1.2010907@collab.net> Date: Mon, 3 Jun 2013 10:22:41 -0400 From: "C. Michael Pilato" Organization: CollabNet, Inc. User-Agent: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/20130510 Thunderbird/17.0.6 MIME-Version: 1.0 To: Subversion Development CC: Subject: Serf issue #102 and 1.8.0 release timing X-Enigmail-Version: 1.5.1 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="----enig2JMAEPSQHJRKRBBMHSSCL" X-Virus-Checked: Checked by ClamAV on apache.org ------enig2JMAEPSQHJRKRBBMHSSCL Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Last week it was discovered that Serf 1.2.0 broke support for Digest authentication, at least for applications such as Subversion where a connection might be used for multiple requests against different URLs. Y= ou can read about the problem in the issue where it was tracked (Serf issue #102 [1]) and in supporting sources. The problem has been fixed, thanks to Lieven's immediate and timely attention and efforts. The question for us is: does this constitute a soak-restart-worthy bug, and if so, on whose timeline? On the one hand, it's trivial to argue that the bug wasn't Subversion's a= t all, therefore can't force us to restart our soak period. On the other hand, Serf 1.2.0 is the only available public Serf release w= ith which Subversion 1.8.0 can operate[2], which really rather limits folks' ability to work around issue #102. From the end user's perspective, it's= going to be, "Subversion 1.8.0 doesn't work with my server" -- little details such as which library is to blame and which authn mechanism is in= use are of little to no interest at all. Unfortunately, there is as yet no public Serf release to date which conta= ins the fix for this problem. This means that were we to release Subversion 1.8.0 today, we'd have to do so with a warning label that informed folks about the Digest auth deficiency. And I'm not even sure how useful that would be -- *I* certainly couldn't tell you based on my typical userland Subversion interactions which of the servers I interact with daily use Digest auth and which use something else. What, then, is the approach that best serves our users? I'll suggest that the answer is found in how we'd track the issue locally= =2E "Subversion requires Serf 1.2.1" would be a reasonable issue description.= It would naturally be a 1.8.0 blocking issue. It's resolution (on our en= d, at least) would be simple -- some build system twiddling is all. What remains, then, is the determination of whether those changes (and it is arguably fair to consider all the changes made between Serf 1.2.0 and 1.2= =2E1, here, too) are destabilizing or not. If they are considered destabilizin= g, we're at least release_date(serf_1.2.1) + 28 days away from 1.8.0-final again. If they are not, then we should hold off on 1.8.0-rc3 until Serf 1.2.1 is produced (hopefully Real Soon Now), and then our final release c= an come a week after that. Thoughts? -- C-Mike [1] https://code.google.com/p/serf/issues/detail?id=3D102 [2] See also: http://subversion.tigris.org/issues/show_bug.cgi?id=3D4274 --=20 C. Michael Pilato CollabNet <> www.collab.net <> Enterprise Cloud Development ------enig2JMAEPSQHJRKRBBMHSSCL Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBCAAGBQJRrKaxAAoJEPXg8AH+aBMz1OUP+wbstiMi2+h0EChWUS8J/vKr iCmF1ZbERqWod0VllBGIKaoay+zYJ0Bj/PCwyIbtA2NiaGMChr7G7Fbf1aQ8ETtP FsTqSTqcQGWjue4jc03N/na4GtTS78A0aG/0FhAwTjVA6Hzi4mH3eB2bzAugpxx/ JwXBbKGnQJwxYISN+bsGXxmDGpoJDOw/xh+/BUtVaJIBH6k9v5S/hKBMti6LwpZ5 aqE6JXILin6y0pPhMEDmWFUC7jN/Ms5UFrxO38qU9SNpMnjaWrDpI4tDPQtHW333 ww/T3VummBOdNsLzKFIK2U6Pi5lny1mGd2/HgICJuRcu0TrF5MAM5tww9fziFel4 FF2Wu6Mmas4wujugQ4TErmj8Q+t2z4GBpxjbYZDMHbgL4dt8frn3H+NQ/dtmJ3C/ /M0cOeQ1gT8DFjcXGFvxozqFmQYJYlERK3DoEYa+l09E94yGbYJk7FJZWPkAgAQ0 WNtT47xyWovhmduZPlzeNQto7UsL4vC18FWHllunsD8WSn066zNPQgrVtnCWgCnx Ed8zyZtTW00cC4C4InEFPM8MDeKPKWpHO7dqffD5T4VFGQx5N7BPUdzsMwkIfjXT y107iaMsU7kpoPxXIWalxtM3NnbryehgoeARRH72EEBwT/lEfjCTSwoZ1LDqtIho Cn448KmNtEJyrbg1VLoi =zBMx -----END PGP SIGNATURE----- ------enig2JMAEPSQHJRKRBBMHSSCL--