> Any users who run httpd are unlikely to have installed APR 1.[01] given > that APR 1.x has never been supported by an httpd release to date. It's > really only httpd/APR developers who are likely to get into this > situation. (APR 1.x has never been shipped in a Subversion tarball)
As far as i know APR 1.0 (1.1 perhaps) is the only APR that is available as a standalone APR with FreeBSD systems, and if i remember correctly that APR gets installed as a prereq for Subversion if you use ports to build it. Yes, this is probably not a very big problem as Subversion is most likely used only by developers or other knowledgeable people... however, i do not know how many other ports installations that are using this APR. (Worst case, some really common port uses it and all of a sudden this is a really big problem.) Just to lift the two issues i know of atm and make sure they are at least being documented, here they are. First off, configure does not like it when you give the httpd configure the source trees to use (without running any other configures first), and... as the configure clearly states that this should work, how many users do you think is gonna do the configure in both apr and apr-util first and then run the httpd configure? (Really?!) Not that many i think, and if this is really how its released, then there should be a clear statement somewhere in the install docs or in configure itself that "this is not working, do it this way instead". Secondly, there was a huge buzz over mod_authn_dbd not working or being built... but i dont see any buzz over mod_authnz_ldap not working with newer versions of OpenSSL and OpenLDAP and mod_authnz_ldap is actually included in the build, this is an issue that also is a few weeks old, but has this even been documented somewhere? Actually, wrowe, is this still true? Havent heard anything so im kinda assuming that its still broken. And as OpenLDAP is commonly used for system wide authentication i can definitely see people screaming when they try to get their new Apache 2.2.0 to auth against it as well, using SSL that is. This seems like an issue that should be documented (if its still an issue) or i can see users@ beeing flooded here too. / Andreas
