Re: Moderations for modules.apache.org

2015-11-11 Thread Daniel Gruno


On 11/9/2015, 1:54:59 PM, Graham Leggett  wrote: 
> On 09 Nov 2015, at 2:41 PM, Daniel Gruno  wrote:
> 
> > You're welcome to try to clean it up ;)
> > make a user account on the system and give me the UID of that user (the
> > ID, not the username - there are tens of thousands of users, so I can't
> > see them all in the admin interface anymore).
> 
> :)
> 
> > I am contemplating removing all users/mods and adding some recaptcha
> > stuff to it soon, but enotime right now.
> 
> Is there a way to leverage LDAP at all? (Or whatever backs the JIRA et al 
> instances)
> 

JIRA isn't LDAP backed, FWIW.
And no, we wanted it to be open to the larger public to submit modules, not 
just committers. But the rub is, we are being attacked manually by actual 
people sending in garbage stuff, bypassing the security checks. I'm not 
entirely sure how to combat this, but I do have a few ideas. They require 
something close to a complete wipe of the database, however.

With regards,
Daniel.

> Regards,
> Graham
> —
> 
> 
--
Sent via Pony Mail for dev@httpd.apache.org. 
View this email online at:
https://pony-poc.apache.org/list.html?dev@httpd.apache.org


Re: [VOTE] Release Apache httpd 2.4.17 as GA

2015-11-11 Thread Reindl Harald



On 11.10.2015 at 22:06, Rainer Jung wrote:
> On 11.10.2015 at 21:14, Reindl Harald wrote:
> > On 11.10.2015 at 21:07, Yann Ylavic wrote:
> > > On Sun, Oct 11, 2015 at 8:59 PM, Reindl Harald wrote:
> > > > Google only showed discussions, Bugzilla and so on and finding the new
> > > > directive is hard - maybe the hint should make it into the changelog
> > > > for GA release
> > >
> > > Yes you're right, I should have mentioned that directive in the
> > > CHANGES entry.
> > > Unfortunately I'm afraid it's too late now, the 2.4.17 tag is frozen.
> > > Hopefully the (new) documentation will quickly be indexed...
> >
> > no problem since it's disabled by default
> >
> > "ab -c 100 -n 5 http://small-image.gif" did not make me that happy
> > after a short test on a quadcore machine, after some time httpd stopped
> > responding for a tiny static image with a few bytes
> >
> > # SO_REUSEPORT support
> > # <IfVersion >= 2.4.17>
> > #  ListenCoresBucketsRatio 4
> > # </IfVersion>
>
> You might run into problems if your server accumulates too many TIME_WAIT
> connections. Check their number in the "netstat -an" output.
>
> ab without "-k" does one connection per request and if those are only
> used very short and the server is fast you can end up with a couple of
> 10.000s of TIME_WAIT connections (independent of SO_REUSEPORT)

sorry for the last reply

no, it's only when "ListenCoresBucketsRatio 4" is used while otherwise a
"ab -c 100 -n 500 http://small-image.gif" is no problem






Re: Moderations for modules.apache.org

2015-11-11 Thread Daniel Gruno
I'm a bit slow this morning. I'm sitting here, using Pony Mail for replying, 
not realizing...we should use OAuth for this! It would still require a wipe of 
the current DB, but if we use the ASF OAuth plus maybe Google OAuth for 
non-committers, we should be able to allow only _actual people_ to contribute 
to this. :)

Does this sound like a good idea, or complete overkill?

With regards,
Daniel.

On 11/9/2015, 1:54:59 PM, Graham Leggett  wrote: 
> On 09 Nov 2015, at 2:41 PM, Daniel Gruno  wrote:
> 
> > You're welcome to try to clean it up ;)
> > make a user account on the system and give me the UID of that user (the
> > ID, not the username - there are tens of thousands of users, so I can't
> > see them all in the admin interface anymore).
> 
> :)
> 
> > I am contemplating removing all users/mods and adding some recaptcha
> > stuff to it soon, but enotime right now.
> 
> Is there a way to leverage LDAP at all? (Or whatever backs the JIRA et al 
> instances)
> 
> Regards,
> Graham
> —
> 
> 


Re: Moderations for modules.apache.org

2015-11-11 Thread Nick Kew
On Wed, 2015-11-11 at 11:27 +, Daniel Gruno wrote:

> Does this sound like a good idea, or complete overkill?

I have long thought we might employ an alternative scheme
akin to a "planet" aggregator.  Make the module index
an aggregator from module authors providing and
maintaining their own descriptions as DOAP files.
That way an author doesn't have to go through any
manual process or moderation to update entries,
and the admin burden is reduced.

We still have to bootstrap new authors wanting us to
aggregate their DOAP URLs.  We could fully automate it
for committers by auto-approving apache.org URLs,
leaving a much reduced space for manual moderation
and still vulnerable to spam attacks.

Then we can reduce that further by requiring oauth
as you suggest.  And once the OpenMiracl podling
has a TA up-and-running, we can deploy that to
help open a wider circle of strong trust.

Just a thought.

-- 
Nick Kew
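
Auto-approving apache.org URLs, as proposed in the message above, only reduces the moderation load if the check matches the parsed host and not the URL string. The following is an added sketch, not part of the original message and not code from modules.apache.org; `classify_doap_url`, `triage`, the three verdict names and the sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this sketch: committer-hosted DOAP files live under apache.org.
TRUSTED_DOMAIN = "apache.org"


def classify_doap_url(url):
    """Return 'auto-approve', 'moderate' or 'reject' for a submitted DOAP URL."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname      # lower-cased; port and userinfo removed
        port = parts.port          # raises ValueError for an out-of-range port
    except ValueError:
        return "reject"
    if parts.scheme not in ("http", "https") or not host:
        return "reject"
    # https://apache.org@other.example/ has host other.example, so refuse
    # any URL carrying userinfo instead of trying to interpret it.
    if parts.username is not None or parts.password is not None:
        return "reject"
    host = host.rstrip(".")        # "apache.org." is the same DNS name
    # Compare whole labels: a substring or bare suffix test would also
    # match apache.org.other.example and notapache.org.
    in_domain = host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)
    if in_domain and parts.scheme == "https" and port in (None, 443):
        return "auto-approve"
    return "moderate"              # everything else waits for a human


# Constructed sample submissions (not real module entries).
SAMPLES = [
    "https://httpd.apache.org/doap.rdf",
    "https://HTTPD.APACHE.ORG./doap.rdf",
    "http://people.apache.org/doap.rdf",
    "https://apache.org.other.example/doap.rdf",
    "https://notapache.org/doap.rdf",
    "https://apache.org@other.example/doap.rdf",
    "https://httpd.apache.org:99999/doap.rdf",
    "ftp://apache.org/doap.rdf",
]


def triage(urls):
    """Map each submitted URL to its verdict."""
    return {u: classify_doap_url(u) for u in urls}


if __name__ == "__main__":
    for url, verdict in triage(SAMPLES).items():
        print(f"{verdict:13} {url}")
```
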



cppcheck warning with mod_http2

2015-11-11 Thread Christophe JAILLET

Hi,

mod_http2 generates some new cppcheck warnings:

modules/http2/h2_config.h
62  unnecessaryForwardDeclaration  style  The struct 'h2_config' forward declaration is unnecessary. Type struct is already declared earlier.

modules/http2/h2_io_set.h
25  unnecessaryForwardDeclaration  style  The struct 'h2_io_set' forward declaration is unnecessary. Type struct is already declared earlier.

modules/http2/h2_mplx.c
106  redundantAssignment  style  Variable 'status' is reassigned a value before the old one has been used.

modules/http2/h2_request.c
87  unsignedLessThanZero  style  Checking if unsigned variable 'nlen' is less than zero.

modules/http2/h2_response.h
34  unnecessaryForwardDeclaration  style  The struct 'h2_response' forward declaration is unnecessary. Type struct is already declared earlier.

modules/http2/h2_session.c
1150  unusedStructMember  style  struct or union member 'nvctx_t::offset' is never used.

modules/http2/h2_task.c
211  redundantAssignment  style  Variable 'status' is reassigned a value before the old one has been used.

modules/http2/h2_to_h1.c
284  redundantAssignment  style  Variable 'status' is reassigned a value before the old one has been used.




At least this one is spurious:
   modules/http2/h2_session.c
   1150  unusedStructMember  style  struct or union member 'nvctx_t::offset' is never used.


nvctx_t is defined both in h2_session and in h2_response.
Only the latter seems useful. I think that the one in h2_session could 
be completely dropped.



Best regards,
CJ