Quoting myself, and asking for -one- review... httpd-2.0.55 is stillborn. We will not release as-is with my veto on trawick's backport of the http proxy request processing changes. Many voiced an opinion to go forward, so there is code in a separate branch to bring the code he backported in sync with RFC 2616 and our current trunk/.
jimj has voiced one of our 3 +1's. Myself included, it needs one more +1 review, and more +'s than -'s...

At 08:34 PM 8/8/2005, William A. Rowe, Jr. wrote:
>There is no way in hell I'm refactoring now near 90 hours of work
>to make it more digestible. This big steak I just chowed down
>on Sunday, regurgitating into tiny little digestible pieces for
>chicks to lap up and swallow, is absolutely illustrative of what
>the hell the code should look like. You don't like #7, Joe doesn't
>like #3, Jeff doesn't like #13 and Jim doesn't like #10. For that
>matter I can't even stand where it started from or how I got to the
>end. That's fine, take each little digestible bit. If it doesn't
>break the code, choose to not vote or +1 it. I don't care. If it
>breaks the code, give me technical justification and I'll address
>the complaint.

If any pmc member would please review
http://svn.apache.org/viewcvs/httpd/httpd/branches/proxy-reqbody-2.0.x/modules/proxy/proxy_http.c
from r219059-r230744, we can finally close the logjam.

AFAIK, my employer is the only one shipping -moderately- vulnerability free code, which is a pity since under both hats I always try to serve the ASF in turn with my employer, and offer no allegiance to one over the other. And in fact, my employer knows nothing of what happens in the security reaction team here until some public announcement is made. Sad, quite sad.

(You might also consider r171205, the vetoed change, in your overall evaluation).

I understand few have the patience to review the changes, and clearly no others understand the code in the first place. I'll propose under separate email to eject proxy from the httpd core project in 2.2, given that we have insufficient oversight to support mod_proxy, unless someone speaks pro or con on technical, rather than silly grammatical, formatting and procedural matters.

If you don't follow my changes, ask questions. Questions are always good. There are no embarrassing questions, only sometimes pathetic answers :)

Bill