On Monday 03 September 2001 11:36, William A. Rowe, Jr. wrote:
> From: "Justin Erenkrantz" <[EMAIL PROTECTED]>
> Sent: Monday, September 03, 2001 12:57 PM
>
> > I also think that we do not need to redistribute zlib in our source
> > tree. I think it is common enough now that most OSes come with it.
> > (I look at how we handle the OpenSSL library and think zlib falls
> > in the same category.)
>
> We don't distribute OpenSSL because it's a huge chunk of code!!!
>
> We certainly can't rely on folks having 0.9.6b installed (or even 0.9.6a,
> the absolute minimum to avoid some pretty significant holes, leaving a
> problem or to remaining.) But we aren't about to distribute that much
> code, we have a relationship with the maintainers (one sits on the ASF
> board), and _new_ crypto development still has hardships within the US.
> There is nothing new or novel about mod_ssl, which is why we have no
> problem falling under the crypt export relaxation for 'publicly available
> open sources'.
>
> I have no issue with dropping the current (and httpd-maintained) zlib,
> returning all patches to the authors. If there are problems with threading
> support + leaks, we will need to fix them if we will call this 'supported'.
> Same as we do for pcre and expat, which aren't as firmly established as
> the ASF or even the OpenSSL organization. It adds some 160kb to the
> tarball, as distributed at zlib.org.
I have a big problem with this. We had a hard enough time contributing
patches back to MM. The only reason we keep expat and pcre up to date,
is that we NEVER make any changes to them. I would be very much against
adding zlib to our tree.
Ryan
______________________________________________________________
Ryan Bloom [EMAIL PROTECTED]
Covalent Technologies [EMAIL PROTECTED]
--------------------------------------------------------------