On Wed, Feb 14, 2024 at 1:45 PM Joe Schaefer <j...@sunstarsys.com> wrote: > > Assuming Google hasn't found any more fuzzing vulnerabilities with apreq, we > should call the subproject done after releasing it, rolling any new efforts > into httpd's internal copy of the codebase for the next major release of > httpd. > > Sound like a plan? I can get the ball rolling on the RM process assuming I > still have working login (or can reacquire it via pw reset.
I think another apreq release makes sense. But from the few relevant threads over the years (many on private lists), there seems to be little maintainer support for apreq much less apreq embedded in httpd. If there ever were a release branched from trunk, I don't think it's likely the embedded apreq would survive. I think it's a big consideration for what's done with the standalone tree.