On 22 Apr 2014, at 3:04 PM, Jeff Trawick <[email protected]> wrote: > IMHO as a httpd+apr dev: > > * If httpd trunk switches to apr escape API to the extent practical and > throws out its own implementation, and unreleased APR features are the > natural way to accommodate that, I think that is ample justification for a > new APR 1.x branch. (Otherwise, continue to patch up the httpd escape API to > support backporting to 2.4.x as necessary.)
I don't want to import an ldap escaping implementation into httpd at all only to immediate deprecate it and plan to rip it out. What LDAP escaping mechanism that is baked in already doesn't follow the RFC consistently, and I want to fix that from the get go. With v1.5.1 out with build fixes to the apr_escape API, it is now time to swap out the legacy escaping support in httpd for the APR version, given that the APR version uses less memory than the httpd versions (memory allocation is exact, not worst case scenario of strlen()*3). > * In httpd 2.4.x-land, I think everyone should try reasonably hard to avoid > depending on newer and newer levels of APR for this or that feature. For us > it is a very minor detail but for users it is something else to stumble over > in case their distro or their own prior efforts got them a level of APR which > is generally ok. Agreed. Regards, Graham --
