Re: mod_remoteip and mod_http2 combined

On Sat, Feb 18, 2017 at 4:25 PM, Daniel Ruggeri <drugg...@apache.org> wrote: > On 2017-02-15 09:07 (-0600), William A Rowe Jr <wr...@rowe-clan.net> wrote: >> On Wed, Feb 15, 2017 at 9:02 AM, Sander Hoentjen <san...@hoentjen.eu> wrote: >> > >> > mod

Re: [2.2 PATCH] fix HttpProtocolOptions (etc) merging

On Mon, Feb 20, 2017 at 10:16 AM, Joe Orton wrote: > > FYI, since I've seen people thinking seriously about test suites, this > kind of issue is impossible to test comprehensively with the current > test framework. We really need to spin up httpd multiple times with > different

Re: svn commit: r1783256 - /httpd/httpd/branches/2.4.x/STATUS

On Sat, Feb 18, 2017 at 4:44 PM, Daniel Ruggeri wrote: > > Hi, Bill; >I've replied about the pre_connnection situation - hoping someone can > give the proposed patch a test as I don't have a handy H2 testbed. Yup! Will review that thread - it's the -1 half (as opposed

Re: httpd 2.4.25, mpm_event, ssl: segfaults

On Feb 17, 2017 2:52 PM, "William A Rowe Jr" <wr...@rowe-clan.net> wrote: On Feb 17, 2017 1:02 PM, "Jacob Champion" <champio...@gmail.com> wrote: `EnableMMAP on` appears to boost performance for static files, yes, but is that because of mmap() itself, or becau

Re: httpd 2.4.25, mpm_event, ssl: segfaults

On Feb 17, 2017 1:02 PM, "Jacob Champion" wrote: `EnableMMAP on` appears to boost performance for static files, yes, but is that because of mmap() itself, or because our bucket brigades configure themselves more optimally in the mmap() code path? Yann's research is starting

Re: [2.2 PATCH] fix HttpProtocolOptions (etc) merging

Great catch; +1 to commit to 2.2.x and http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x-merge-http-strict/ branches. And thanks for adding the breadcrumb for the next sucker to miss this :-O On Fri, Feb 17, 2017 at 3:30 AM, Joe Orton wrote: > Found during QA of the

Re: svn commit: r1783317 - /httpd/httpd/trunk/modules/ssl/ssl_engine_init.c

On Feb 16, 2017 17:33, "Jacob Champion" <champio...@gmail.com> wrote: On 02/16/2017 03:16 PM, William A Rowe Jr wrote: > With no docs to that effect, and trying to predict what 1.2.0 might do > to us, the explicit avoidance seems safer, no? > There are docs to that

Re: Topic for discussion... 2.4.26

With the passing of OpenSSL 1.0.1, is OpenSSL 1.1.0 on our radar for the next release? I'm not clear how that merge branch is intended to be used, I'm don't understand whether we propose to adopt every feature and API change commit to modules/ssl/* - and why it has been rebased, unless we intend

Re: SSL_CTX_set_ecdh_auto noop OpenSSL 1.1.0?

On Thu, Feb 16, 2017 at 4:39 PM, Yann Ylavic <ylavic@gmail.com> wrote: > On Thu, Feb 16, 2017 at 11:33 PM, Yann Ylavic <ylavic@gmail.com> wrote: >> On Thu, Feb 16, 2017 at 10:52 PM, William A Rowe Jr <wr...@rowe-clan.net> >> wrote: >>>

Re: svn commit: r1783305 - /httpd/httpd/trunk/modules/ssl/ssl_util_ocsp.c

On Thu, Feb 16, 2017 at 4:45 PM, Yann Ylavic wrote: > On Thu, Feb 16, 2017 at 10:26 PM, wrote: >> Author: wrowe >> Date: Thu Feb 16 21:26:34 2017 >> New Revision: 1783305 >> >> URL: http://svn.apache.org/viewvc?rev=1783305=rev >> Log: >> Fix OpenSSL 1.1.0

Re: svn commit: r1783317 - /httpd/httpd/trunk/modules/ssl/ssl_engine_init.c

On Thu, Feb 16, 2017 at 4:48 PM, Yann Ylavic wrote: > On Thu, Feb 16, 2017 at 11:27 PM, wrote: >> Author: wrowe >> Date: Thu Feb 16 22:27:24 2017 >> New Revision: 1783317 >> >> URL: http://svn.apache.org/viewvc?rev=1783317=rev >> Log: >> Avoid unnecessary

Re: FYI brotli

ve it 1st anyway. And once again we fail our users by having a nickel holding up a dollar. > On Feb 16, 2017, at 2:48 PM, William A Rowe Jr <wr...@rowe-clan.net> wrote: > > On Thu, Feb 16, 2017 at 12:47 PM, Jim Jagielski <j...@jagunet.com> wrote: >> >>> On Feb

Re: FYI brotli

On Mon, Jan 16, 2017 at 2:28 PM, Evgeny Kotkov wrote: > > There is, however, a potential problem with backporting mod_brotli, since > it relies on the Brotli library 1.0.0, which has not yet been released. > In other words, if the upstream changes the API or the

Re: FYI brotli

On Thu, Feb 16, 2017 at 2:27 PM, Evgeny Kotkov <evgeny.kot...@visualsvn.com> wrote: > William A Rowe Jr <wr...@rowe-clan.net> writes: > >> My open questions; has this been entirely reviewed in conjunction with h2? >> Will A-E: br,gzip,deflate axe all other

SSL_CTX_set_ecdh_auto noop OpenSSL 1.1.0?

I'm not clear that this was a good usage of the current API... In file included from httpd-2.x/modules/ssl/ssl_private.h:90:0, from httpd-2.x/modules/ssl/ssl_engine_init.c:29: httpd-2.x/modules/ssl/ssl_engine_init.c: In function ‘ssl_init_server_certs’:

Re: FYI brotli

On Thu, Feb 16, 2017 at 12:47 PM, Jim Jagielski <j...@jagunet.com> wrote: > >> On Feb 16, 2017, at 1:15 PM, William A Rowe Jr <wr...@rowe-clan.net> wrote: >> >> >> I concur with Evgeny Kotkov that an ABI stable dependency is appropriate >> before add

Re: FYI brotli

To close up some loose ends/confusion; On Mon, Jan 16, 2017 at 6:42 PM, Jacob Champion <champio...@gmail.com> wrote: > On 01/16/2017 04:06 PM, William A Rowe Jr wrote: >> >> Before we push this at users.. is there a concern that brotoli >> compression has similar dict

Re: mod_remoteip and mod_http2 combined

On Wed, Feb 15, 2017 at 9:02 AM, Sander Hoentjen wrote: > > mod_remote ip has: > /* mod_proxy creates outgoing connections - we don't want those */ > if (!remoteip_is_server_port(c->local_addr->port)) { > return DECLINED; > } > I am guessing something

Re: [proposed] 2.4 Maintenance SIG

On Sun, Jan 22, 2017 at 7:52 PM, Noel Butler wrote: > Perhaps the only person who wont bend over and take it up the arse like > some people here expect, if I have an opinion, i'll voice it > Noel, your immediately prior post was an interesting example, although I fail to

Re: rfc7231 - content-md5

On Fri, Jan 20, 2017 at 1:49 PM, William A Rowe Jr <wr...@rowe-clan.net> wrote: > On Fri, Jan 20, 2017 at 1:21 PM, Dirk-Willem van Gulik > <di...@webweaving.org> wrote: >> RFC 7231 has retired Content-MD5. >> >> Fair game to remove it from -trunk - or

Re: rfc7231 - content-md5

On Fri, Jan 20, 2017 at 1:21 PM, Dirk-Willem van Gulik wrote: > RFC 7231 has retired Content-MD5. > > Fair game to remove it from -trunk - or make it squeek 'debrecated' at WARN > or INFO and retire it at the next minor release ? Removing what, precisely? Content-MD5

Re: Alternate versioning proposal: patch line releases

On Fri, Jan 20, 2017 at 9:43 AM, Eric Covener wrote: > > Maybe a [POLL] thread is in order, specifically for the topic of > enhancements/stability in 2.4 and ignoring aspirations about a new > versioning system or 3.0. > > e.g. > > 2.4.x is: > [ ] evolving just fine > [ ] too

Re: Alternate versioning proposal: patch line releases

On Thu, Jan 19, 2017 at 5:49 PM, Jacob Champion wrote: > This is somewhat orthogonal to Bill's current suggestion. It solves a > different set of problems, more related to the short-term > features-versus-regressions argument and less related to the long-term ABI >

Re: Alternate versioning proposal: patch line releases

On Fri, Jan 20, 2017 at 8:07 AM, Graham Leggett wrote: > On 20 Jan 2017, at 2:15 AM, Jacob Champion wrote: > >> Ignore the versioning number then; that's not really the core of my >> proposal. The key points I'm making are >> >> - introduce the concept of

Re: Reset out x.minor.z definition of 'minor' at httpd?

On Thu, Jan 19, 2017 at 6:05 PM, Jim Jagielski wrote: > Bill wrote: > >>I think one of our disconnects with 2.4 -> 2.6 is that in any other >>framework, there would be >> no ABI breakage in 2.6. That breakage would be deferred to and shipped as >> 3.0. > > Huh? For just one

Re: Reset out x.minor.z definition of 'minor' at httpd?

On Thu, Jan 19, 2017 at 6:12 PM, David Zuelke wrote: > I don't know any framework/language/library out there that handles it that > strictly. Nginx, or Ruby, or PHP, or whatever... > > From x.y.z to x.y.z+1, retain full compatibility. > > From x.y.z to x.y+1.0, keep external API

Re: Reset out x.minor.z definition of 'minor' at httpd?

On Fri, Jan 20, 2017 at 4:04 AM, Graham Leggett <minf...@sharp.fm> wrote: > On 19 Jan 2017, at 11:43 PM, William A Rowe Jr <wr...@rowe-clan.net> wrote: > >> I think one of our disconnects with 2.4 -> 2.6 is that in any other >> framework, there would be no A

Re: Reset out x.minor.z definition of 'minor' at httpd?

On Thu, Jan 19, 2017 at 6:46 PM, Eric Covener <cove...@gmail.com> wrote: > On Thu, Jan 19, 2017 at 4:43 PM, William A Rowe Jr <wr...@rowe-clan.net> > wrote: >> I think one of our disconnects with 2.4 -> 2.6 is that in any other >> framework, there would be no A

Reset out x.minor.z definition of 'minor' at httpd?

I think one of our disconnects with 2.4 -> 2.6 is that in any other framework, there would be no ABI breakage in 2.6. That breakage would be deferred to and shipped as 3.0. The httpd project choose to call 2.minor releases as breaking changes. Due to poor design choices, or frequent refactorings,

Re: [proposed] 2.4 Maintenance SIG

On Thu, Jan 19, 2017 at 6:29 AM, Jim Jagielski wrote: > > Here's the real issue, as I see it. If there have been "recent > breakages" it is not due to the release process, but rather > the *testing* process. That is, not enough people testing > 2.4-HEAD until we actually get

Re: [proposed] 2.4 Maintenance SIG

On Thu, Jan 19, 2017 at 2:52 PM, Noel Butler <noel.but...@ausics.net> wrote: > > On 20/01/2017 05:54, William A Rowe Jr wrote: > >> posts, I don't think you will find a single post where I suggested >> that there is an issue with the frequency of releases, but please

Re: clang-analyzer?

On Thu, Jan 19, 2017 at 1:30 PM, Ruediger Pluem wrote: > > If they are no-ops as you state in 3. how could they introduce regressions? They are still a text and code change. Cleaning up a cast, for example may change the alignment differently between various 32 and 64 bit

Re: [proposed] 2.4 Maintenance SIG

On Thu, Jan 19, 2017 at 6:29 AM, Jim Jagielski <j...@jagunet.com> wrote: > >> On Jan 18, 2017, at 8:35 PM, Eric Covener <cove...@gmail.com> wrote: >> >> On Wed, Jan 18, 2017 at 6:12 PM, William A Rowe Jr <wr...@rowe-clan.net> >> wrote: &g

Re: clang-analyzer?

On Mon, Jan 9, 2017 at 3:48 AM, Graham Leggett wrote: > On 08 Jan 2017, at 4:45 AM, Leif Hedstrom wrote: > >> I ran clang-analyzer against the HTTPD master branch, and it found 126 >> issues. Many of these are benign, but I was curious if the community has

Re: [proposed] 2.4 Maintenance SIG

On Wed, Jan 18, 2017 at 7:35 PM, Eric Covener <cove...@gmail.com> wrote: > On Wed, Jan 18, 2017 at 6:12 PM, William A Rowe Jr <wr...@rowe-clan.net> > wrote: >> I'm wondering if there is anyone interested in a regression-fix-only 2.4.26 >> that >> finally pro

Re: [proposed] 2.4 Maintenance SIG

On Tue, Jan 3, 2017 at 2:18 AM, Graham Leggett <minf...@sharp.fm> wrote: > On 03 Jan 2017, at 2:11 AM, William A Rowe Jr <wr...@rowe-clan.net> wrote: > >> So I'd like to know, in light of a perpetual chain of (often build and/or >> run-time breaking regression) enh

Re: JSON for mod_status

Really, this is now in the PMC's court. Doug and Aaron designed the BMX bean structure and module implementation. I'm aware that jfc's crew has also been a consumer of the module, so it already falls into that multi-vendor, multi-use case scenario. I'll leave this to them to advocate for httpd

Re: FYI brotli

Before we push this at users.. is there a concern that brotoli compression has similar dictionary or simply size based vulnerabilities as deflate? If so, maybe we teach both to step out of the way when SSL encryption filters are in place? On Jan 16, 2017 10:14, "Jim Jagielski"

Re: mod_lets-encrypt

On Sat, Jan 14, 2017 at 1:05 PM, Stefan Sperling wrote: > On Sat, Jan 14, 2017 at 07:15:29PM +0100, Dirk-Willem van Gulik wrote: >> In fact - that may be a nice feature - an, essential, empheral port. > > Would that work for web servers behind firewalls? Most configured in that

Re: mod_lets-encrypt

On Sat, Jan 14, 2017 at 12:15 PM, Dirk-Willem van Gulik <di...@webweaving.org> wrote: > > On 14 Jan 2017, at 19:05, William A Rowe Jr <wr...@rowe-clan.net> wrote: > > Any mod_letsencrypt can provision the certs but needs to do so > while still root, before servicing req

Re: mod_lets-encrypt

On Sat, Jan 14, 2017 at 10:22 AM, Eric Covener wrote: > On Sat, Jan 14, 2017 at 11:19 AM, Eric Covener wrote: >> >> I think if a feature/directive will turn on something that will write >> to configured keystores, it really shouldn't do or dictate much else.

[VOTE] [RESULTS] Release httpd-2.2.32

On Mon, Jan 9, 2017 at 12:21 PM, William A Rowe Jr <wr...@rowe-clan.net> wrote: > > +/-1 > [ ] Release 2.2.32 as legacy GA With more than sufficient numbers of PMC votes and a significant number of non-binding votes, all +1 and no -1 objections, This vote passes. Shi

Re: [VOTE] Release httpd-2.2.32

On Mon, Jan 9, 2017 at 12:21 PM, William A Rowe Jr <wr...@rowe-clan.net> wrote: > > Your votes, please? > > +/-1 > [+1] Release 2.2.32 as legacy GA Looking good on some of the ancient OS's, no regressions uncovered on RHEL5 on s390[x], ppc[64] and intel, Solaris 10.x on

Re: svn commit: r1778004 - /httpd/httpd/branches/2.4.x/STATUS

On Thu, Jan 12, 2017 at 10:54 AM, Yann Ylavic <ylavic@gmail.com> wrote: > On Thu, Jan 12, 2017 at 5:32 PM, William A Rowe Jr <wr...@rowe-clan.net> > wrote: >>> >>> + So the only fix allowing us to use PCRE 10 in httpd 2.4 would be to >>>

Re: svn commit: r1778004 - /httpd/httpd/branches/2.4.x/STATUS

On Mon, Jan 9, 2017 at 10:12 AM, wrote: > Author: wrowe > Date: Mon Jan 9 16:12:53 2017 > New Revision: 1778004 > > PATCHES/ISSUES THAT ARE BEING WORKED >[ New entried should be added at the START of the list ] > @@ -275,6 +273,27 @@ PATCHES/ISSUES THAT ARE BEING WORKED >

Re: svn commit: r17757 - in /dev/httpd: Announcement2.2.html Announcement2.2.txt

On Tue, Jan 10, 2017 at 6:53 PM, wrote: > Author: wrowe > Date: Wed Jan 11 00:53:47 2017 > New Revision: 17757 > > Log: > Not really sure if 'httpoxy' falls in this category We call out "security defects", httpoxy is not a (web server) defect, so my inclination is to call out

Re: [VOTE] Release httpd-2.2.32

On Wed, Jan 11, 2017 at 10:16 AM, Dale Ghent wrote: > > Not a voting member, but dropping by to say that this is compiling and > working fine on OmniOS. Just a reminder, whether it's a binding vote or just commentary, votes from those beyond the usual suspects/PMC are

Re: svn commit: r1777998 - /httpd/httpd/branches/2.2.x/STATUS

As this seems (once applied to 2.4) to be an accepted part of the overall patch, Yann you might want to add this to the merge/backport patch branches as part of our overall, recommended patches against 2.2/2.4. On Mon, Jan 9, 2017 at 9:53 AM, wrote: > Author: wrowe > Date:

[VOTE] Release httpd-2.2.32

The pre-release candidate tarballs of Apache legacy httpd 2.2.32 can be found in; http://httpd.apache.org/dev/dist/ Thanks to all for patches and reviews to get us to this point. STATUS file is updated to reflect end of maintenance Jul 1 '17. Your votes, please? +/-1 [ ] Release 2.2.32 as

Re: clang-analyzer?

Several times a year, we get offers or full dumps of programmatic static code analysis. We have, for decades, rejected it all, and invited reporters to bring specific analysis of actually problematic cases back to the list (or security@, as applicable.) If anyone is interested, we consistently

Re: how make backend applications aware about tls-offloading

On Sat, Jan 7, 2017 at 2:30 AM, Reindl Harald wrote: > * Apache Trafficserver in front > * ATS configured for TLS-offloading > * connection to backend-httpd on the LAN unencrypted > * mod_remoteip correctly configured on backend httpd > > is there any way to make the

Re: Tagging update for 2.2.32

This was the patch Victor was asking if you would verify... http://home.apache.org/~ylavic/patches/httpd-2.2.x-r1753592.patch That should be resolving the late declaration bug. On Fri, Jan 6, 2017 at 8:18 PM, NormW wrote: > G/A > I'm building the 2.2.x svn source tree, not a

Re: svn commit: r1777453 - /httpd/httpd/branches/2.2.x/STATUS

On Fri, Jan 6, 2017 at 6:51 PM, Yann Ylavic wrote: > On Thu, Jan 5, 2017 at 12:39 PM, wrote: >> Author: ylavic >> Date: Thu Jan 5 11:39:58 2017 >> New Revision: 1777453 >> >> URL: http://svn.apache.org/viewvc?rev=1777453=rev >> Log: >> Promote r1753592

Re: httpd-2.2.x and C89... ;-(

Great catch, thanks Norm. That too is part of the r1753592 backport proposal, hoping someone is willing to look at these proposals. On Fri, Jan 6, 2017 at 6:31 PM, NormW wrote: > G/M > Did a test build of the 2.2.x tree and all builds nicely with exception of > the following;

Tagging update for 2.2.32

Folks, Since there are many fewer pairs of eyeballs on this branch, I've completed builds across Linux, Windows, Solaris and HPUX (and trying to salvage my AIX environment that went sideways). One of my $dayjob teammates offered to jump in, so he's been able to review 2.2.32-dev plus the

Re: svn commit: r1777460 - /httpd/httpd/trunk/modules/http/http_filters.c

On Fri, Jan 6, 2017 at 11:44 AM, Eric Covener wrote: > On Fri, Jan 6, 2017 at 12:06 PM, Jacob Champion wrote: >>> Modified: >>> httpd/httpd/trunk/modules/http/http_filters.c >>> >>> Modified: httpd/httpd/trunk/modules/http/http_filters.c >>> URL: >>>

Re: Fixing module-specific, public include/*.h file inclusion on trunk

On Fri, Dec 16, 2016 at 1:22 PM, William A Rowe Jr <wr...@rowe-clan.net> wrote: > On Fri, Dec 16, 2016 at 12:57 PM, William A Rowe Jr <wr...@rowe-clan.net> > wrote: >> >> So today's primary bogus result is courtesy of is due to leaving >> public headers hidin

Re: svn commit: r1777460 - /httpd/httpd/trunk/modules/http/http_filters.c

On Thu, Jan 5, 2017 at 5:14 PM, Yann Ylavic wrote: > On Thu, Jan 5, 2017 at 11:49 PM, Yann Ylavic wrote: >> >> But if any of you fears a possible regression for older 2.2.x apps (I >> see now that Eric included a test, I personnaly tested it this >>

Re: svn commit: r1777460 - /httpd/httpd/trunk/modules/http/http_filters.c

On Thu, Jan 5, 2017 at 4:05 PM, Eric Covener wrote: > Do we want this for the 2.2 release? I don't feel strongly about this. It is such an unusual edge case (I believe Yann pointed out it was a custom module he was working around) that it should rarely be seen in the wild.

Re: [proposed] 2.4 Maintenance SIG

On Thu, Jan 5, 2017 at 12:50 PM, Jacob Champion wrote: > On 01/04/2017 11:55 AM, Graham Leggett wrote: >> >> On 04 Jan 2017, at 8:37 PM, Jacob Champion wrote: >>> >>> So, there's 3k of the 20k. And remember, my point was that we can >>> fix what I call

Re: 2.2 needs a reviewer for http strict backport ...

On Thu, Jan 5, 2017 at 3:03 AM, Yann Ylavic wrote: > On Thu, Jan 5, 2017 at 3:02 AM, Eric Covener wrote: >> >> 2.2 running clean under test suite for me on Linux. > > Same here, thanks Eric for backporting. > > PS: I had to apply the OPENSSL_NO_SSL3 patch

Re: A new release process?

On Tue, Jan 3, 2017 at 1:32 PM, Jacob Champion wrote: > On 12/29/2016 08:16 PM, David Zuelke wrote: >> >> The tl;dr of this approach is that >> >> - any x.y.z release only introduces bugfixes. These releases are done >> every four weeks, like clockwork. If a fix doesn't make

Re: [proposed] 2.4 Maintenance SIG

To your questions of history; On Wed, Jan 4, 2017 at 12:37 PM, Jacob Champion wrote: > > 3) mod_apreq2 > > 1000 lines, added in 2011, no meaningful code changes since addition, no > tests, no documented public release of libapreq2 since 2010. (It does have > public

Re: Could/Shouldn't check_header() allow folding?

On Wed, Jan 4, 2017 at 11:12 AM, Yann Ylavic wrote: > > This would work for me (on the proxy side), too. > The patch (attached) is a bit longer, but still reasonable IMHO. > WDYT? Not understanding if (!header->key) { continue; } - why success if there is a dead ':

Re: [proposed] 2.4 Maintenance SIG

On Wed, Jan 4, 2017 at 9:47 AM, Graham Leggett <minf...@sharp.fm> wrote: > On 04 Jan 2017, at 3:16 PM, William A Rowe Jr <wr...@rowe-clan.net> wrote: > >>> Can you give us an example of this dead code? >> >> svn diff --ignore-properties --no-diff

Re: Could/Shouldn't check_header() allow folding?

On Wed, Jan 4, 2017 at 7:21 AM, William A Rowe Jr <wr...@rowe-clan.net> wrote: > On Wed, Jan 4, 2017 at 6:57 AM, Yann Ylavic <ylavic@gmail.com> wrote: >> I'm using a (third-party/closed) module which replaces newlines in >> header values (like base64 encoded PEM

Re: Could/Shouldn't check_header() allow folding?

On Wed, Jan 4, 2017 at 6:57 AM, Yann Ylavic wrote: > I'm using a (third-party/closed) module which replaces newlines in > header values (like base64 encoded PEMs) with obs-fold. > That's probably obsolete, but not forbidden per se... Actually, it is, c.f. 3.2.4 of RFC 7230

Re: [proposed] 2.4 Maintenance SIG

On Wed, Jan 4, 2017 at 2:13 AM, Graham Leggett wrote: > On 03 Jan 2017, at 10:47 PM, Jacob Champion wrote: > >> I don't feel that trunk is a dead branch, but I do think there is dead code >> in trunk. > > Can you give us an example of this dead code? svn

Re: The Version Bump fallacy [Was Re: Post 2.4.25]

On Tue, Jan 3, 2017 at 7:04 PM, Noel Butler wrote: > > On 03/01/2017 23:11, Jim Jagielski wrote: > > Back in the "old days" we used to provide complimentary builds > for some OSs... I'm not saying we go back and do that necessarily, > but maybe also providing easily

Re: svn commit: r1775789 - /httpd/httpd/branches/2.2.x/STATUS

On Tue, Jan 3, 2017 at 11:04 AM, William A Rowe Jr <wr...@rowe-clan.net> wrote: > On Tue, Jan 3, 2017 at 9:55 AM, Eric Covener <cove...@gmail.com> wrote: >> I am not completely following how the branch or patch were assembled, >> but I am seeing a failure that is missi

Re: svn commit: r1775789 - /httpd/httpd/branches/2.2.x/STATUS

On Tue, Jan 3, 2017 at 9:55 AM, Eric Covener wrote: > I am not completely following how the branch or patch were assembled, > but I am seeing a failure that is missing content from the initial > trunk work (1426877) > that was also in the initial 2.4.x backport (1772678). > >

Re: The Version Bump fallacy [Was Re: Post 2.4.25]

On Jan 3, 2017 07:11, "Jim Jagielski" wrote: Back in the "old days" we used to provide complimentary builds for some OSs... I'm not saying we go back and do that necessarily, but maybe also providing easily consumable other formats when we do a release, as a "service" to the

Re: [proposed] 2.4 Maintenance SIG

On Jan 3, 2017 02:19, "Graham Leggett" wrote: Can you clarify the problem you’re trying to solve? v3.0 and v2.6 are just numbers. For modest changes, we move to v2.6. For a very large architecture change (for example, the addition of filters in v1.x to v2.x), we move to 3.0.

Re: Httpd security reveals

On Mon, Jan 2, 2017 at 11:49 PM, Eric Covener <cove...@gmail.com> wrote: > On Mon, Jan 2, 2017 at 11:48 PM, William A Rowe Jr <wr...@rowe-clan.net> > wrote: >> So, Jacob and I... He did most of the grunt work, I only pushed off the >> underlying premise... Have

Httpd security reveals

So, Jacob and I... He did most of the grunt work, I only pushed off the underlying premise... Have a very very long list of real and potential security patches. I am asking publicly of (often obstanant) httpd pmc folks, do we proceed without a 2.2 mitigation? Those in the know, already know.

[proposed] 2.4 Maintenance SIG

So far, discussions are polarized on a single axis... East: Let's work on 3.0; whatever is going on in 2.4 won't distract me, I won't spend time reviewing enhancements, because 3.0 is the goal. West: Let's keep the energy going on 2.4 enhancements, I won't spend time on 3.0 usability because it

Re: Automated tests

On Dec 30, 2016 14:55, "Stefan Fritsch" wrote: Hi, it's quite rare that I have a bit of time for httpd nowadays. But I want to comment on a mail that Jacob Champion wrote on -security that contains some valid points about the lack of our test framework. I am posting this to

Re: svn commit: r1776575 - in /httpd/httpd/trunk: docs/log-message-tags/next-number docs/manual/mod/mod_remoteip.xml modules/metadata/mod_remoteip.c

945216d9d0bb4cba3e1b > 4336a4c5051a46f17c8f99a0f0@%3Cdev.httpd.apache.org%3E > > > -- > Daniel Ruggeri > > On 12/30/2016 8:00 PM, William A Rowe Jr wrote: > > -1 (yes, veto.) > > > > In general, as the original author of this particular module, you > > mi

Re: svn commit: r1776575 - in /httpd/httpd/trunk: docs/log-message-tags/next-number docs/manual/mod/mod_remoteip.xml modules/metadata/mod_remoteip.c

On Dec 30, 2016 06:20, wrote: Author: druggeri Date: Fri Dec 30 14:20:48 2016 New Revision: 1776575 URL: http://svn.apache.org/viewvc?rev=1776575=rev Log: Merge new PROXY protocol code into mod_remoteip Modified: httpd/httpd/trunk/docs/log-message-tags/next-number

Re: Post 2.4.25

On Thu, Dec 29, 2016 at 8:23 AM, Jim Jagielski <j...@jagunet.com> wrote: > >> On Dec 28, 2016, at 6:28 PM, William A Rowe Jr <wr...@rowe-clan.net> wrote: >> >> Because fixing r->uri is such a priority, trust that I'll be voting every >> 2.6 candid

Re: The Version Bump fallacy [Was Re: Post 2.4.25]

tion, I believe it is fixed now. Thanks for the heads-up! >> On Dec 28, 2016, at 5:49 PM, William A Rowe Jr <wr...@rowe-clan.net> wrote: >> >> Hi Jim, >> >> Talk to Google and the OpenOffice Team, that was a paste from OpenOffice >> Calc. >> >>

On the subject of r->uri [was: Post 2.4.25]

initial > message)]. > (Again, it's gmail, /shrug. I can attempt to undecorate but doubt I'm moving to a local client/mail store again. If anyone has good gmail formatting tips for their default settings, I'd love a pointer.) > On Thu, Dec 29, 2016 at 12:28 AM, William A Rowe Jr &l

Re: Post 2.4.25

On Dec 24, 2016 08:32, "Eric Covener" wrote: > I'm not saying we don't do one so we can do the other; I'm > saying we do both, at the same time, in parallel. I still > don't understand why that concept is such an anathema to some > people. I also worry about our ability to

Re: Post 2.4.25

On Dec 24, 2016 07:57, "Jim Jagielski" wrote: > On Dec 24, 2016, at 8:29 AM, Rich Bowen wrote: > > On 12/23/2016 03:52 PM, Jim Jagielski wrote: >> Personally, I don't think that backporting stuff to >> 2.4 prevents or disallows development on 2.6/3.0. In

Re: The Version Bump fallacy [Was Re: Post 2.4.25]

On Dec 28, 2016 10:34, "William A Rowe Jr" <wr...@rowe-clan.net> wrote: Specific Revision Of all Most Recent Of m.m Of all Apache/1.3.x 391898 3.33% 1.3.42 42392 10.82% 0.36% Apache/2.0.x 551117 4.68% 2.0.64 36944 6.70% 0.31% Apache/2.2.x 7129391 60.49% 2.2.31 1332448 18.78% 11.

Re: The Version Bump fallacy [Was Re: Post 2.4.25]

els... > > > On Dec 28, 2016, at 1:34 PM, William A Rowe Jr <wr...@rowe-clan.net> > wrote: > > > > On Wed, Dec 28, 2016 at 9:13 AM, Jim Jagielski <j...@jagunet.com> wrote: > > cPanel too... They are moving to EA4 which is Apache 2.4. > > > > If

Re: The Version Bump fallacy [Was Re: Post 2.4.25]

On Wed, Dec 28, 2016 at 9:13 AM, Jim Jagielski wrote: > cPanel too... They are moving to EA4 which is Apache 2.4. > If not moved yet, that example wouldn't be helpful, it reinforces my point four years later. But EA itself seems to track pretty closely to the most

Re: The Version Bump fallacy [Was Re: Post 2.4.25]

On Wed, Dec 28, 2016 at 9:05 AM, Jan Ehrhardt <php...@ehrhardt.nl> wrote: > William A Rowe Jr in gmane.comp.apache.devel (Tue, 27 Dec 2016 23:35:50 > -0600): > >But the vast majority of httpd, nginx, and yes - even IIS > >users are all running what they were handed from

The Version Bump fallacy [Was Re: Post 2.4.25]

On Fri, Dec 23, 2016 at 2:52 PM, Jim Jagielski wrote: > > As I have also stated, my personal belief is that > 2.4 is finally reaching some traction, and if we > "turn off" development/enhancement of 2.4, we will > stop the uptake of 2.4 in its track. This is where I think we

Re: Post 2.4.25

On Dec 23, 2016 9:58 PM, "Jim Jagielski" wrote: Well, since I am actively working on trunk, I am obviously interested in seeing continued work being done on it and the work being usable to our users in a timely fashion. Since backports to 2.2 have not affected work on 2.4 or

Re: Post 2.4.25

On Fri, Dec 23, 2016 at 2:20 PM, Jim Jagielski wrote: > For me, it would be moving as much as we can from > trunk to 2.4 -1. To echo your frequent use of media to emphasize the point, with a song nearly as old as us; https://www.youtube.com/watch?v=EsCyC1dZiN8 Next step is

Re: T of 2.4.24

On Fri, Dec 9, 2016 at 8:03 AM, Jim Jagielski <j...@jagunet.com> wrote: > > > On Dec 9, 2016, at 12:20 AM, William A Rowe Jr <wr...@rowe-clan.net> > wrote: > > > > On Thu, Dec 8, 2016 at 12:16 PM, William A Rowe Jr <wr...@rowe-clan.net> > wrote: > &

Re: svn commit: r1775705 - in /httpd/httpd/branches/2.2.x-merge-http-strict: ./ server/protocol.c

On Thu, Dec 22, 2016 at 6:00 PM, Yann Ylavic wrote: > On Thu, Dec 22, 2016 at 8:20 PM, wrote: > > Author: wrowe > > Date: Thu Dec 22 19:20:25 2016 > > New Revision: 1775705 > > > > URL: http://svn.apache.org/viewvc?rev=1775705=rev > > Log: > > Backports:

Re: svn commit: r1775696 - /httpd/httpd/branches/2.2.x-merge-http-strict/

On Thu, Dec 22, 2016 at 5:50 PM, Yann Ylavic wrote: > On Thu, Dec 22, 2016 at 7:45 PM, wrote: > > Author: wrowe > > Date: Thu Dec 22 18:45:59 2016 > > New Revision: 1775696 > > > > URL: http://svn.apache.org/viewvc?rev=1775696=rev > > Log: > > Backports:

Re: svn commit: r1769669 [2/2] - in /httpd/httpd/branches/2.4.x-merge-http-strict: ./ docs/manual/ docs/manual/mod/ include/ server/

On Thu, Dec 22, 2016 at 11:37 AM, Rainer Jung <rainer.j...@kippdata.de> wrote: > Am 22.12.2016 um 18:25 schrieb William A Rowe Jr: > >> On Thu, Dec 22, 2016 at 9:29 AM, Eric Covener <cove...@gmail.com >> <mailto:cove...@gmail.com>> wrote: >> >>

Re: svn commit: r1769669 [2/2] - in /httpd/httpd/branches/2.4.x-merge-http-strict: ./ docs/manual/ docs/manual/mod/ include/ server/

On Thu, Dec 22, 2016 at 9:29 AM, Eric Covener wrote: > I think the log severity changes below could use some eyes, especially > in context of 2.2. Are these lowered because they're redundant? I > haven't yet looked. > > I am tempted to leave the old severities for 2.2 and

Re: APLOGNO in 2.2 backports

On Thu, Dec 22, 2016 at 9:33 AM, Eric Covener wrote: > Should we have something like this in 2.2: > > #define APLOGNO(s) "" > > So subsequent backports don't need manual merging when the context has > a message ID in it? > IMO, no. Because if you are applying it as a patch

Re: svn commit: r17503 - in /dev/httpd: Announcement2.4.html Announcement2.4.txt

On Tue, Dec 20, 2016 at 12:34 PM, William A Rowe Jr <wr...@rowe-clan.net> wrote: > On Tue, Dec 20, 2016 at 12:13 PM, <wr...@apache.org> wrote: > >> Author: wrowe >> Date: Tue Dec 20 18:13:12 2016 >> New Revision: 17503 >> >> Log: >> Record

Re: Old Announcement Logo

Sure thing. I only needed ...2.4.txt in its final form. Go for it :) Bill On Tue, Dec 20, 2016 at 1:02 PM, Jacob Champion wrote: > Rich pointed out that our announcements are still using the old logo: > > https://www.apache.org/dist/httpd/Announcement2.4.html > >

Re: svn commit: r17503 - in /dev/httpd: Announcement2.4.html Announcement2.4.txt

On Tue, Dec 20, 2016 at 12:13 PM, wrote: > Author: wrowe > Date: Tue Dec 20 18:13:12 2016 > New Revision: 17503 > > Log: > Record security errata, edits in the next 45 minutes are most welcomed > > Modified: > dev/httpd/Announcement2.4.html >

<    2   3   4   5   6   7   8   9   10   11   >