Thanks for the comments Nick. We are happy to release this code under the
Apache licence, appologies - should have been clear about that initally.
Regarding the security review, I agree that's a wise move. We haven't run
it sandboxed. If you have some suggestions re. security testing we'd be
pleased to hear them.
Regards
Jake
On Fri, 2 Jul 2010, Nick Kew wrote:
On Fri, 2 Jul 2010 11:31:52 +0100 (BST)
Jake Scott <[email protected]> wrote:
Hi apache-dev
We have developed a module for Apache 2.2+ that handles log rotation
automatically. We would like to submit the code for review and possible
inclusion in a future version of the httpd product.
First glance: looks interesting - thanks for sharing (though strictly
speaking, in the absence of a license you've only shared in a limited way).
As regards inclusion in a future release, I'm undecided whether I'd
support that (I won't stand in the way of it if there's a consensus
in favour). Couple of points:
- Since it uses the monitor hook and run as root, we'll need extra-vigilant
security review. Have you run it in a sandbox (zone, jail, chroot, ???)?
- Some trivial style fixes and clean compilation would be good.
If your powers-that-be are happy with it, I'd suggest you start by
publishing what you have under the Apache license (and advertising
it in places like modules.apache.org) for users of 2.2.
If there's support for including it in a future release, you should target
svn trunk for 2.4. This would be an opportunity to take advantage of the
APR features you found, as well as the monitor hook including a server_rec.
