On Fri, Sep 07, 2007 at 01:12:05AM -0500, William A. Rowe, Jr. wrote: > But my first argument remains; if we break the expected > behavior, we instantly render all previous generated hashes irreconcilable. > > So it really seems like an apr-1.3 change, if that, and httpd-2.4/3.0 if > that was what the poster was getting at.
I don't know about IBM's EBCDIC machines. For BS2000, we have no problem with backward compatibility, as 2.2.6 will be the 1st 2.x release, and as far as MD5 is concerned, compatibility with UNIX .htpasswd files is valued higher than compatibility with 1.3 (which is going to be replaced by 2.2.6). Anyway, users tended to use the default (crypt) passwords, not the (more exotic on unix machines) MD5 passwords. And a major switch in versions allows for a minor incompatible change that is going to be well documented too. So, from my POV, I'm leaning towards fixing it in an "ASCII compatible" way, rather than maintaining the incompatible format for eternity. Martin -- <[EMAIL PROTECTED]> | Fujitsu Siemens http://www.fujitsu-siemens.com/imprint.html | 81730 Munich, Germany
