On Thu, May 27, 2021, 07:52 Eric Covener <cove...@gmail.com> wrote: > On Thu, May 27, 2021 at 8:45 AM Rainer Jung <rainer.j...@kippdata.de> > wrote: > > > is my understanding correct, that even httpd trunk (and then also 2.4.x) > > needs LDAP support in APR/APU to build mod_ldap and mod_authnz_ldap? > > > > So since we removed LDAP support from APR trunk, that means those > > modules currently can not be build using APR trunk, neither in httpd > > trunk nor in httpd 2.4.x. Correct? > > I think this is correct. This was a pretty heated/sore issue to my > recollection. Only the removal got done. >
That's nearly correct. The port to ap_ namespace was composed and committed to httpd trunk, by myself. And in the heat of the argument, vetoed by the obvious party, so I reasonably promptly reverted that, without a few minor tweaks that were still necessary across various platforms or httpd build scenarios. But you can find nearly all the necessary work on httpd trunk history, if there's a desire to ressurect the ability for httpd to survive an apr 2 release. It didn't matter for PCRE, so I don't know that it is a priority. Any discussion w.r.t. apr project belongs at that project, if there's a desire to cause some action there. Based on observations of the huge scale of Curl vulnerabilities (which hit us for mod_md, because that is libcurl, as opposed to serf or something straightforward as the letsenrypt client), and on some additional thoughts shared on apr about further modularizing and disconnecting the each-and-every-facility from core apr+util, that would be an interesting discussion to have. But it might have even more additional resistance based on today's security postures, based on dependencies of dependencies security history.