On Tue, Feb 28, 2017 at 2:50 AM, Pavel Reichl wrote:
> Hello,
>
> I have a question regarding this new directive - HttpProtocolOptions and in
> particular its parameter Unsafe.
>
> From https://httpd.apache.org/docs/2.4/mod/core.html:
> ...Due to legacy modules, applications or custom user-agents
On Mon, Feb 27, 2017 at 12:16 PM, Jacob Champion wrote:
>
> On 02/23/2017 04:48 PM, Yann Ylavic wrote:
>> On Wed, Feb 22, 2017 at 8:55 PM, Daniel Lescohier wrote:
>>>
>>>
>>> IOW: read():Three copies: copy from filesystem cache to httpd
>>> read() buffer to encrypted-data buffer to kernel socket b
On Fri, Feb 24, 2017 at 11:59 PM, Helmut K. C. Tessarek
wrote:
>
> On 2017-02-24 23:45, William A Rowe Jr wrote:
>
>> We provide .asc pgp signatures exclusively for that purpose.
>
> I agree, gpg is the only way to check the authenticity of a file.
>
> However, peopl
On Fri, Feb 24, 2017 at 12:02 PM, Yann Ylavic wrote:
> On Fri, Feb 24, 2017 at 6:52 PM, Jim Jagielski wrote:
>> I think we should start, in addition to "signing" w/ md5 and sha-1,
>> using sha-256 as well.
>>
>> Sound OK?
>
> Our "true" signing has and will always be PGP.
> Though SHA-256 is ofte
On Fri, Feb 24, 2017 at 2:30 PM, Helmut K. C. Tessarek
wrote:
> On 2017-02-24 12:52, Jim Jagielski wrote:
>> I think we should start, in addition to "signing" w/ md5 and sha-1,
>> using sha-256 as well.
>
> I have a question: why are you still using md5/sha1 for generating file
> hashes in the fir
On Wed, Feb 22, 2017 at 1:04 AM, Nick Kew wrote:
> On Tue, 2017-02-21 at 21:58 +, Joe Orton wrote:
>
>> Any reason is a bad idea, so we can do that more cleanly
>> (... in a couple of decades time)?
>
> One reason it might be a very bad idea: user confusion!
>
> I'm thinking of the track reco
On Sat, Feb 18, 2017 at 4:25 PM, Daniel Ruggeri wrote:
> On 2017-02-15 09:07 (-0600), William A Rowe Jr wrote:
>> On Wed, Feb 15, 2017 at 9:02 AM, Sander Hoentjen wrote:
>> >
>> > mod_remote ip has:
>> > /* mod_proxy creates outgoing connections
On Mon, Feb 20, 2017 at 10:16 AM, Joe Orton wrote:
>
> FYI, since I've seen people thinking seriously about test suites, this
> kind of issue is impossible to test comprehensively with the current
> test framework. We really need to spin up httpd multiple times with
> different configurations, to
On Sat, Feb 18, 2017 at 4:44 PM, Daniel Ruggeri wrote:
>
> Hi, Bill;
>I've replied about the pre_connnection situation - hoping someone can
> give the proposed patch a test as I don't have a handy H2 testbed.
Yup! Will review that thread - it's the -1 half (as opposed to a general -0 half
for
On Feb 17, 2017 2:52 PM, "William A Rowe Jr" wrote:
On Feb 17, 2017 1:02 PM, "Jacob Champion" wrote:
`EnableMMAP on` appears to boost performance for static files, yes, but is
that because of mmap() itself, or because our bucket brigades configure
themselves more optimall
On Feb 17, 2017 1:02 PM, "Jacob Champion" wrote:
`EnableMMAP on` appears to boost performance for static files, yes, but is
that because of mmap() itself, or because our bucket brigades configure
themselves more optimally in the mmap() code path? Yann's research is
starting to point towards the l
Great catch; +1 to commit to 2.2.x and
http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x-merge-http-strict/
branches.
And thanks for adding the breadcrumb for the next sucker to miss this :-O
On Fri, Feb 17, 2017 at 3:30 AM, Joe Orton wrote:
> Found during QA of the CVE-2016-8743 patch
On Feb 16, 2017 17:33, "Jacob Champion" wrote:
On 02/16/2017 03:16 PM, William A Rowe Jr wrote:
> With no docs to that effect, and trying to predict what 1.2.0 might do
> to us, the explicit avoidance seems safer, no?
>
There are docs to that effect for 1.1.0.
https://w
With the passing of OpenSSL 1.0.1, is OpenSSL 1.1.0 on our radar for the
next release?
I'm not clear how that merge branch is intended to be used, I'm don't
understand whether we propose to adopt every feature and API change commit
to modules/ssl/* - and why it has been rebased, unless we intend t
On Thu, Feb 16, 2017 at 4:39 PM, Yann Ylavic wrote:
> On Thu, Feb 16, 2017 at 11:33 PM, Yann Ylavic wrote:
>> On Thu, Feb 16, 2017 at 10:52 PM, William A Rowe Jr
>> wrote:
>>> I'm not clear that this was a good usage of the current API...
>>>
>>&
On Thu, Feb 16, 2017 at 4:45 PM, Yann Ylavic wrote:
> On Thu, Feb 16, 2017 at 10:26 PM, wrote:
>> Author: wrowe
>> Date: Thu Feb 16 21:26:34 2017
>> New Revision: 1783305
>>
>> URL: http://svn.apache.org/viewvc?rev=1783305&view=rev
>> Log:
>> Fix OpenSSL 1.1.0 breakage in r1781575; BIO_s_file_in
On Thu, Feb 16, 2017 at 4:48 PM, Yann Ylavic wrote:
> On Thu, Feb 16, 2017 at 11:27 PM, wrote:
>> Author: wrowe
>> Date: Thu Feb 16 22:27:24 2017
>> New Revision: 1783317
>>
>> URL: http://svn.apache.org/viewvc?rev=1783317&view=rev
>> Log:
>> Avoid unnecessary code (the deprecation macro wrapper
d once
again we fail our users by having a nickel holding up
a dollar.
> On Feb 16, 2017, at 2:48 PM, William A Rowe Jr
wrote:
>
> On Thu, Feb 16, 2017 at 12:47 PM, Jim Jagielski wrote:
>>
>>> On Feb 16, 2017, at 1:15 PM, William A Rowe Jr
wrote:
>>>
>&g
On Mon, Jan 16, 2017 at 2:28 PM, Evgeny Kotkov
wrote:
>
> There is, however, a potential problem with backporting mod_brotli, since
> it relies on the Brotli library 1.0.0, which has not yet been released.
> In other words, if the upstream changes the API or the library layout
> or their pkg-confi
On Thu, Feb 16, 2017 at 2:27 PM, Evgeny Kotkov
wrote:
> William A Rowe Jr writes:
>
>> My open questions; has this been entirely reviewed in conjunction with h2?
>> Will A-E: br,gzip,deflate axe all others from that list when deciding to
>> enable brotli? (I presume no
I'm not clear that this was a good usage of the current API...
In file included from httpd-2.x/modules/ssl/ssl_private.h:90:0,
from httpd-2.x/modules/ssl/ssl_engine_init.c:29:
httpd-2.x/modules/ssl/ssl_engine_init.c: In function ‘ssl_init_server_certs’:
include/openssl/ssl.h:1287:
On Thu, Feb 16, 2017 at 12:47 PM, Jim Jagielski wrote:
>
>> On Feb 16, 2017, at 1:15 PM, William A Rowe Jr wrote:
>>
>>
>> I concur with Evgeny Kotkov that an ABI stable dependency is appropriate
>> before adding this to httpd 2.4.x - so far as I've
To close up some loose ends/confusion;
On Mon, Jan 16, 2017 at 6:42 PM, Jacob Champion wrote:
> On 01/16/2017 04:06 PM, William A Rowe Jr wrote:
>>
>> Before we push this at users.. is there a concern that brotoli
>> compression has similar dictionary or simply size based
On Wed, Feb 15, 2017 at 9:02 AM, Sander Hoentjen wrote:
>
> mod_remote ip has:
> /* mod_proxy creates outgoing connections - we don't want those */
> if (!remoteip_is_server_port(c->local_addr->port)) {
> return DECLINED;
> }
> I am guessing something similar is needed for h2 c
On Sun, Jan 22, 2017 at 7:52 PM, Noel Butler wrote:
> Perhaps the only person who wont bend over and take it up the arse like
> some people here expect, if I have an opinion, i'll voice it
>
Noel, your immediately prior post was an interesting example, although I
fail
to see how that particular
On Fri, Jan 20, 2017 at 1:49 PM, William A Rowe Jr wrote:
> On Fri, Jan 20, 2017 at 1:21 PM, Dirk-Willem van Gulik
> wrote:
>> RFC 7231 has retired Content-MD5.
>>
>> Fair game to remove it from -trunk - or make it squeek 'debrecated' at WARN
>> or INFO
On Fri, Jan 20, 2017 at 1:21 PM, Dirk-Willem van Gulik
wrote:
> RFC 7231 has retired Content-MD5.
>
> Fair game to remove it from -trunk - or make it squeek 'debrecated' at WARN
> or INFO and retire it at the next minor release ?
Removing what, precisely? Content-MD5 headers aren't implemented i
On Fri, Jan 20, 2017 at 9:43 AM, Eric Covener wrote:
>
> Maybe a [POLL] thread is in order, specifically for the topic of
> enhancements/stability in 2.4 and ignoring aspirations about a new
> versioning system or 3.0.
>
> e.g.
>
> 2.4.x is:
> [ ] evolving just fine
> [ ] too unstable due to new
On Thu, Jan 19, 2017 at 5:49 PM, Jacob Champion wrote:
> This is somewhat orthogonal to Bill's current suggestion. It solves a
> different set of problems, more related to the short-term
> features-versus-regressions argument and less related to the long-term ABI
> arguments. Both are important to
On Fri, Jan 20, 2017 at 8:07 AM, Graham Leggett wrote:
> On 20 Jan 2017, at 2:15 AM, Jacob Champion wrote:
>
>> Ignore the versioning number then; that's not really the core of my
>> proposal. The key points I'm making are
>>
>> - introduce the concept of a low-risk release line
>
> We have alwa
On Thu, Jan 19, 2017 at 6:05 PM, Jim Jagielski wrote:
> Bill wrote:
>
>>I think one of our disconnects with 2.4 -> 2.6 is that in any other
>>framework, there would be
>> no ABI breakage in 2.6. That breakage would be deferred to and shipped as
>> 3.0.
>
> Huh? For just one single, simple exampl
On Thu, Jan 19, 2017 at 6:12 PM, David Zuelke wrote:
> I don't know any framework/language/library out there that handles it that
> strictly. Nginx, or Ruby, or PHP, or whatever...
>
> From x.y.z to x.y.z+1, retain full compatibility.
>
> From x.y.z to x.y+1.0, keep external API compatibility, br
On Fri, Jan 20, 2017 at 4:04 AM, Graham Leggett wrote:
> On 19 Jan 2017, at 11:43 PM, William A Rowe Jr wrote:
>
>> I think one of our disconnects with 2.4 -> 2.6 is that in any other
>> framework, there would be no ABI breakage in 2.6. That breakage
>> would be def
On Thu, Jan 19, 2017 at 6:46 PM, Eric Covener wrote:
> On Thu, Jan 19, 2017 at 4:43 PM, William A Rowe Jr
> wrote:
>> I think one of our disconnects with 2.4 -> 2.6 is that in any other
>> framework, there would be no ABI breakage in 2.6. That breakage
>> would be def
I think one of our disconnects with 2.4 -> 2.6 is that in any other
framework, there would be no ABI breakage in 2.6. That breakage
would be deferred to and shipped as 3.0.
The httpd project choose to call 2.minor releases as breaking
changes. Due to poor design choices, or frequent refactorings,
On Thu, Jan 19, 2017 at 6:29 AM, Jim Jagielski wrote:
>
> Here's the real issue, as I see it. If there have been "recent
> breakages" it is not due to the release process, but rather
> the *testing* process. That is, not enough people testing
> 2.4-HEAD until we actually get close to a release. Th
On Thu, Jan 19, 2017 at 2:52 PM, Noel Butler wrote:
>
> On 20/01/2017 05:54, William A Rowe Jr wrote:
>
>> posts, I don't think you will find a single post where I suggested
>> that there is an issue with the frequency of releases, but please
>> feel free.
>
>
On Thu, Jan 19, 2017 at 1:30 PM, Ruediger Pluem wrote:
>
> If they are no-ops as you state in 3. how could they introduce regressions?
They are still a text and code change. Cleaning up a cast, for example may
change the alignment differently between various 32 and 64 bit architectures.
On Thu, Jan 19, 2017 at 6:29 AM, Jim Jagielski wrote:
>
>> On Jan 18, 2017, at 8:35 PM, Eric Covener wrote:
>>
>> On Wed, Jan 18, 2017 at 6:12 PM, William A Rowe Jr
>> wrote:
>>> I'm wondering if there is anyone interested in a regression-fix-only 2.
On Mon, Jan 9, 2017 at 3:48 AM, Graham Leggett wrote:
> On 08 Jan 2017, at 4:45 AM, Leif Hedstrom wrote:
>
>> I ran clang-analyzer against the HTTPD master branch, and it found 126
>> issues. Many of these are benign, but I was curious if the community has any
>> thoughts on this? With another
On Wed, Jan 18, 2017 at 7:35 PM, Eric Covener wrote:
> On Wed, Jan 18, 2017 at 6:12 PM, William A Rowe Jr
> wrote:
>> I'm wondering if there is anyone interested in a regression-fix-only 2.4.26
>> that
>> finally proves to be a workable upgrade for all httpd users
On Tue, Jan 3, 2017 at 2:18 AM, Graham Leggett wrote:
> On 03 Jan 2017, at 2:11 AM, William A Rowe Jr wrote:
>
>> So I'd like to know, in light of a perpetual chain of (often build and/or
>> run-time breaking regression) enhancements, if there is support for a
>>
Really, this is now in the PMC's court. Doug and Aaron designed the BMX
bean structure and module implementation. I'm aware that jfc's crew has
also been a consumer of the module, so it already falls into that multi-vendor,
multi-use case scenario.
I'll leave this to them to advocate for httpd ado
Before we push this at users.. is there a concern that brotoli compression
has similar dictionary or simply size based vulnerabilities as deflate?
If so, maybe we teach both to step out of the way when SSL encryption
filters are in place?
On Jan 16, 2017 10:14, "Jim Jagielski" wrote:
> Just a h
On Sat, Jan 14, 2017 at 1:05 PM, Stefan Sperling wrote:
> On Sat, Jan 14, 2017 at 07:15:29PM +0100, Dirk-Willem van Gulik wrote:
>> In fact - that may be a nice feature - an, essential, empheral port.
>
> Would that work for web servers behind firewalls?
Most configured in that scenario need pinh
On Sat, Jan 14, 2017 at 12:15 PM, Dirk-Willem van Gulik
wrote:
>
> On 14 Jan 2017, at 19:05, William A Rowe Jr wrote:
>
> Any mod_letsencrypt can provision the certs but needs to do so
> while still root, before servicing requests (although there could be
> some bounce-step wh
On Sat, Jan 14, 2017 at 10:22 AM, Eric Covener wrote:
> On Sat, Jan 14, 2017 at 11:19 AM, Eric Covener wrote:
>>
>> I think if a feature/directive will turn on something that will write
>> to configured keystores, it really shouldn't do or dictate much else.
>
> Poorly phrased, but I think obtain
On Mon, Jan 9, 2017 at 12:21 PM, William A Rowe Jr wrote:
>
> +/-1
> [ ] Release 2.2.32 as legacy GA
With more than sufficient numbers of PMC votes and a significant
number of non-binding votes, all +1 and no -1 objections,
This vote passes.
Shifting artifacts to the releases tree f
On Mon, Jan 9, 2017 at 12:21 PM, William A Rowe Jr wrote:
>
> Your votes, please?
>
> +/-1
> [+1] Release 2.2.32 as legacy GA
Looking good on some of the ancient OS's, no regressions uncovered on
RHEL5 on s390[x], ppc[64] and intel, Solaris 10.x on sparc and intel,
HPUX
On Thu, Jan 12, 2017 at 10:54 AM, Yann Ylavic wrote:
> On Thu, Jan 12, 2017 at 5:32 PM, William A Rowe Jr
> wrote:
>>>
>>> + So the only fix allowing us to use PCRE 10 in httpd 2.4 would be to
>>> write
>>> + this as a thread safe sto
On Mon, Jan 9, 2017 at 10:12 AM, wrote:
> Author: wrowe
> Date: Mon Jan 9 16:12:53 2017
> New Revision: 1778004
>
> PATCHES/ISSUES THAT ARE BEING WORKED
>[ New entried should be added at the START of the list ]
> @@ -275,6 +273,27 @@ PATCHES/ISSUES THAT ARE BEING WORKED
> (& also,
On Tue, Jan 10, 2017 at 6:53 PM, wrote:
> Author: wrowe
> Date: Wed Jan 11 00:53:47 2017
> New Revision: 17757
>
> Log:
> Not really sure if 'httpoxy' falls in this category
We call out "security defects", httpoxy is not a (web server) defect,
so my inclination
is to call out "security defects a
On Wed, Jan 11, 2017 at 10:16 AM, Dale Ghent wrote:
>
> Not a voting member, but dropping by to say that this is compiling and
> working fine on OmniOS.
Just a reminder, whether it's a binding vote or just commentary, votes from
those beyond the usual suspects/PMC are always warmly welcomed!
Th
As this seems (once applied to 2.4) to be an accepted part of the overall patch,
Yann you might want to add this to the merge/backport patch branches as part
of our overall, recommended patches against 2.2/2.4.
On Mon, Jan 9, 2017 at 9:53 AM, wrote:
> Author: wrowe
> Date: Mon Jan 9 15:53:52
The pre-release candidate tarballs of Apache legacy httpd 2.2.32
can be found in;
http://httpd.apache.org/dev/dist/
Thanks to all for patches and reviews to get us to this point.
STATUS file is updated to reflect end of maintenance Jul 1 '17.
Your votes, please?
+/-1
[ ] Release 2.2.32 as legac
Several times a year, we get offers or full dumps of programmatic static
code analysis.
We have, for decades, rejected it all, and invited reporters to bring
specific analysis of actually problematic cases back to the list (or
security@, as applicable.)
If anyone is interested, we consistently in
On Sat, Jan 7, 2017 at 2:30 AM, Reindl Harald wrote:
> * Apache Trafficserver in front
> * ATS configured for TLS-offloading
> * connection to backend-httpd on the LAN unencrypted
> * mod_remoteip correctly configured on backend httpd
>
> is there any way to make the backend php application aware
This was the patch Victor was asking if you would verify...
http://home.apache.org/~ylavic/patches/httpd-2.2.x-r1753592.patch
That should be resolving the late declaration bug.
On Fri, Jan 6, 2017 at 8:18 PM, NormW wrote:
> G/A
> I'm building the 2.2.x svn source tree, not a tag...
> Norm
>
>
>
On Fri, Jan 6, 2017 at 6:51 PM, Yann Ylavic wrote:
> On Thu, Jan 5, 2017 at 12:39 PM, wrote:
>> Author: ylavic
>> Date: Thu Jan 5 11:39:58 2017
>> New Revision: 1777453
>>
>> URL: http://svn.apache.org/viewvc?rev=1777453&view=rev
>> Log:
>> Promote r1753592 as showstopper, since it also fixes b
Great catch, thanks Norm. That too is part of the r1753592 backport
proposal, hoping someone is willing to look at these proposals.
On Fri, Jan 6, 2017 at 6:31 PM, NormW wrote:
> G/M
> Did a test build of the 2.2.x tree and all builds nicely with exception of
> the following; if release is 'in
Folks,
Since there are many fewer pairs of eyeballs on this branch, I've completed
builds across Linux, Windows, Solaris and HPUX (and trying to salvage my
AIX environment that went sideways). One of my $dayjob teammates offered
to jump in, so he's been able to review 2.2.32-dev plus the followin
On Fri, Jan 6, 2017 at 11:44 AM, Eric Covener wrote:
> On Fri, Jan 6, 2017 at 12:06 PM, Jacob Champion wrote:
>>> Modified:
>>> httpd/httpd/trunk/modules/http/http_filters.c
>>>
>>> Modified: httpd/httpd/trunk/modules/http/http_filters.c
>>> URL:
>>> http://svn.apache.org/viewvc/httpd/httpd/t
On Fri, Dec 16, 2016 at 1:22 PM, William A Rowe Jr wrote:
> On Fri, Dec 16, 2016 at 12:57 PM, William A Rowe Jr
> wrote:
>>
>> So today's primary bogus result is courtesy of is due to leaving
>> public headers hiding in modules/class/*.h paths for our builds.
On Thu, Jan 5, 2017 at 5:14 PM, Yann Ylavic wrote:
> On Thu, Jan 5, 2017 at 11:49 PM, Yann Ylavic wrote:
>>
>> But if any of you fears a possible regression for older 2.2.x apps (I
>> see now that Eric included a test, I personnaly tested it this
>> afternoon with a custom integration suite too),
On Thu, Jan 5, 2017 at 4:05 PM, Eric Covener wrote:
> Do we want this for the 2.2 release?
I don't feel strongly about this.
It is such an unusual edge case (I believe Yann pointed out it was a custom
module he was working around) that it should rarely be seen in the wild.
I'd be fine if we wan
On Thu, Jan 5, 2017 at 12:50 PM, Jacob Champion wrote:
> On 01/04/2017 11:55 AM, Graham Leggett wrote:
>>
>> On 04 Jan 2017, at 8:37 PM, Jacob Champion wrote:
>>>
>>> So, there's 3k of the 20k. And remember, my point was that we can
>>> fix what I call "dead code" with good old fashioned legwork.
On Thu, Jan 5, 2017 at 3:03 AM, Yann Ylavic wrote:
> On Thu, Jan 5, 2017 at 3:02 AM, Eric Covener wrote:
>>
>> 2.2 running clean under test suite for me on Linux.
>
> Same here, thanks Eric for backporting.
>
> PS: I had to apply the OPENSSL_NO_SSL3 patch for my debian
> (libssl-1.0.2) to compile
On Tue, Jan 3, 2017 at 1:32 PM, Jacob Champion wrote:
> On 12/29/2016 08:16 PM, David Zuelke wrote:
>>
>> The tl;dr of this approach is that
>>
>> - any x.y.z release only introduces bugfixes. These releases are done
>> every four weeks, like clockwork. If a fix doesn't make the cut for a
>> relea
To your questions of history;
On Wed, Jan 4, 2017 at 12:37 PM, Jacob Champion wrote:
>
> 3) mod_apreq2
>
> 1000 lines, added in 2011, no meaningful code changes since addition, no
> tests, no documented public release of libapreq2 since 2010. (It does have
> public documentation. And it seems lik
On Wed, Jan 4, 2017 at 11:12 AM, Yann Ylavic wrote:
>
> This would work for me (on the proxy side), too.
> The patch (attached) is a bit longer, but still reasonable IMHO.
> WDYT?
Not understanding if (!header->key) { continue; } - why success if there is
a dead ': UnnamedValue' entry in the outp
On Wed, Jan 4, 2017 at 9:47 AM, Graham Leggett wrote:
> On 04 Jan 2017, at 3:16 PM, William A Rowe Jr wrote:
>
>>> Can you give us an example of this dead code?
>>
>> svn diff --ignore-properties --no-diff-deleted -x --ignore-all-space
>> https://svn.apache.org/r
On Wed, Jan 4, 2017 at 7:21 AM, William A Rowe Jr wrote:
> On Wed, Jan 4, 2017 at 6:57 AM, Yann Ylavic wrote:
>> I'm using a (third-party/closed) module which replaces newlines in
>> header values (like base64 encoded PEMs) with obs-fold.
>
> If we accept obs-fold from
On Wed, Jan 4, 2017 at 6:57 AM, Yann Ylavic wrote:
> I'm using a (third-party/closed) module which replaces newlines in
> header values (like base64 encoded PEMs) with obs-fold.
> That's probably obsolete, but not forbidden per se...
Actually, it is, c.f. 3.2.4 of RFC 7230
[...] This specific
On Wed, Jan 4, 2017 at 2:13 AM, Graham Leggett wrote:
> On 03 Jan 2017, at 10:47 PM, Jacob Champion wrote:
>
>> I don't feel that trunk is a dead branch, but I do think there is dead code
>> in trunk.
>
> Can you give us an example of this dead code?
svn diff --ignore-properties --no-diff-delet
On Tue, Jan 3, 2017 at 7:04 PM, Noel Butler wrote:
>
> On 03/01/2017 23:11, Jim Jagielski wrote:
>
> Back in the "old days" we used to provide complimentary builds
> for some OSs... I'm not saying we go back and do that necessarily,
> but maybe also providing easily consumable other formats when w
On Tue, Jan 3, 2017 at 11:04 AM, William A Rowe Jr wrote:
> On Tue, Jan 3, 2017 at 9:55 AM, Eric Covener wrote:
>> I am not completely following how the branch or patch were assembled,
>> but I am seeing a failure that is missing content from the initial
>> trunk work (1426
On Tue, Jan 3, 2017 at 9:55 AM, Eric Covener wrote:
> I am not completely following how the branch or patch were assembled,
> but I am seeing a failure that is missing content from the initial
> trunk work (1426877)
> that was also in the initial 2.4.x backport (1772678).
>
> It is causing frequen
On Jan 3, 2017 07:11, "Jim Jagielski" wrote:
Back in the "old days" we used to provide complimentary builds
for some OSs... I'm not saying we go back and do that necessarily,
but maybe also providing easily consumable other formats when we
do a release, as a "service" to the community might make
On Jan 3, 2017 02:19, "Graham Leggett" wrote:
Can you clarify the problem you’re trying to solve?
v3.0 and v2.6 are just numbers. For modest changes, we move to v2.6. For a
very large architecture change (for example, the addition of filters in
v1.x to v2.x), we move to 3.0.
Is there a very la
On Mon, Jan 2, 2017 at 11:49 PM, Eric Covener wrote:
> On Mon, Jan 2, 2017 at 11:48 PM, William A Rowe Jr
> wrote:
>> So, Jacob and I... He did most of the grunt work, I only pushed off the
>> underlying premise... Have a very very long list of real and potential
>> secu
So, Jacob and I... He did most of the grunt work, I only pushed off the
underlying premise... Have a very very long list of real and potential
security patches.
I am asking publicly of (often obstanant) httpd pmc folks, do we proceed
without a 2.2 mitigation? Those in the know, already know.
Happ
So far, discussions are polarized on a single axis...
East: Let's work on 3.0; whatever is going on in 2.4 won't distract me, I
won't spend time reviewing enhancements, because 3.0 is the goal.
West: Let's keep the energy going on 2.4 enhancements, I won't spend time
on 3.0 usability because it i
On Dec 30, 2016 14:55, "Stefan Fritsch" wrote:
Hi,
it's quite rare that I have a bit of time for httpd nowadays. But I want to
comment on a mail that Jacob Champion wrote on -security that contains some
valid points about the lack of our test framework. I am posting this to -dev
with his permis
e.org/thread.html/28e660f38d945216d9d0bb4cba3e1b
> 4336a4c5051a46f17c8f99a0f0@%3Cdev.httpd.apache.org%3E
>
>
> --
> Daniel Ruggeri
>
> On 12/30/2016 8:00 PM, William A Rowe Jr wrote:
> > -1 (yes, veto.)
> >
> > In general, as the original author of this particul
On Dec 30, 2016 06:20, wrote:
Author: druggeri
Date: Fri Dec 30 14:20:48 2016
New Revision: 1776575
URL: http://svn.apache.org/viewvc?rev=1776575&view=rev
Log:
Merge new PROXY protocol code into mod_remoteip
Modified:
httpd/httpd/trunk/docs/log-message-tags/next-number
httpd/httpd/trunk
On Thu, Dec 29, 2016 at 8:23 AM, Jim Jagielski wrote:
>
>> On Dec 28, 2016, at 6:28 PM, William A Rowe Jr wrote:
>>
>> Because fixing r->uri is such a priority, trust that I'll be voting every
>> 2.6 candidate a -1 until it exists. I don't know why the or
t is fixed now.
Thanks for the heads-up!
>> On Dec 28, 2016, at 5:49 PM, William A Rowe Jr wrote:
>>
>> Hi Jim,
>>
>> Talk to Google and the OpenOffice Team, that was a paste from OpenOffice
>> Calc.
>>
>> I'll be happy to start summarizing as
)].
>
(Again, it's gmail, /shrug. I can attempt to undecorate but doubt I'm
moving to a local client/mail store again. If anyone has good gmail
formatting tips for their default settings, I'd love a pointer.)
> On Thu, Dec 29, 2016 at 12:28 AM, William A Rowe Jr
> wro
On Dec 24, 2016 08:32, "Eric Covener" wrote:
> I'm not saying we don't do one so we can do the other; I'm
> saying we do both, at the same time, in parallel. I still
> don't understand why that concept is such an anathema to some
> people.
I also worry about our ability to deliver a 3.0 with eno
On Dec 24, 2016 07:57, "Jim Jagielski" wrote:
> On Dec 24, 2016, at 8:29 AM, Rich Bowen wrote:
>
> On 12/23/2016 03:52 PM, Jim Jagielski wrote:
>> Personally, I don't think that backporting stuff to
>> 2.4 prevents or disallows development on 2.6/3.0. In
>> fact, I think it helps. We can easily
On Dec 28, 2016 10:34, "William A Rowe Jr" wrote:
Specific
Revision
Of all Most
Recent
Of m.m Of all
Apache/1.3.x 391898 3.33% 1.3.42 42392 10.82% 0.36%
Apache/2.0.x 551117 4.68% 2.0.64 36944 6.70% 0.31%
Apache/2.2.x 7129391 60.49% 2.2.31 1332448 18.78% 11.31%
Apache/2.4.x 3713364 31.
not (doesn't
> look like it) but could you fix your Email client? It's impossible to
> reply and have the quoted parts parsed out correctly. I think
> it's to do w/ your messages being RTF or something.
>
> Thx!
>
> Included is an example of how a Reply misses quot
On Wed, Dec 28, 2016 at 9:13 AM, Jim Jagielski wrote:
> cPanel too... They are moving to EA4 which is Apache 2.4.
>
If not moved yet, that example wouldn't be helpful, it reinforces my point
four years later. But EA itself seems to track pretty closely to the most
contemperanious versions, looks
On Wed, Dec 28, 2016 at 9:05 AM, Jan Ehrhardt wrote:
> William A Rowe Jr in gmane.comp.apache.devel (Tue, 27 Dec 2016 23:35:50
> -0600):
> >But the vast majority of httpd, nginx, and yes - even IIS
> >users are all running what they were handed from their
> >OS
On Fri, Dec 23, 2016 at 2:52 PM, Jim Jagielski wrote:
>
> As I have also stated, my personal belief is that
> 2.4 is finally reaching some traction, and if we
> "turn off" development/enhancement of 2.4, we will
> stop the uptake of 2.4 in its track.
This is where I think we have a disconnect.
On Dec 23, 2016 9:58 PM, "Jim Jagielski" wrote:
Well, since I am actively working on trunk, I am obviously interested in
seeing continued work being done on it and the work being usable to our
users in a timely fashion. Since backports to 2.2 have not affected work on
2.4 or trunk, it is obvious
Just a couple quick thoughts...
On Dec 23, 2016 2:55 PM, "Jim Jagielski" wrote:
As I have also stated, my personal belief is that
2.4 is finally reaching some traction, and if we
"turn off" development/enhancement of 2.4, we will
stop the uptake of 2.4 in its track.
I think you might be misco
On Fri, Dec 23, 2016 at 2:20 PM, Jim Jagielski wrote:
> For me, it would be moving as much as we can from
> trunk to 2.4
-1. To echo your frequent use of media to emphasize
the point, with a song nearly as old as us;
https://www.youtube.com/watch?v=EsCyC1dZiN8
Next step is to actually end enha
On Fri, Dec 9, 2016 at 8:03 AM, Jim Jagielski wrote:
>
> > On Dec 9, 2016, at 12:20 AM, William A Rowe Jr
> wrote:
> >
> > On Thu, Dec 8, 2016 at 12:16 PM, William A Rowe Jr
> wrote:
> >
> > @VP Legal, is this worth an escalation? You didn't see
On Thu, Dec 22, 2016 at 6:00 PM, Yann Ylavic wrote:
> On Thu, Dec 22, 2016 at 8:20 PM, wrote:
> > Author: wrowe
> > Date: Thu Dec 22 19:20:25 2016
> > New Revision: 1775705
> >
> > URL: http://svn.apache.org/viewvc?rev=1775705&view=rev
> > Log:
> > Backports: r1185385
> > Submitted by: sf
> > D
601 - 700 of 6469 matches
Mail list logo
