Re: release apreq 2.18 and mothball the project

[Raymond Field via dev]

Will apreq 2.18 still be released?

On 16/02/2024 09:44, Joe Orton wrote:

Joe, you've been warned before to moderate your language. This ends now.

It is completely unacceptable to insult other members of the community
like this one time, let alone repeatedly. It is unproductive,
unprofessional, and in violation of the ASF code of conduct. I've taken
the decision as PMC chair to remove you from dev@ and you are now banned
from posting in the future.

- Project Chair of HTTP Server, Joe Orton

Re: release apreq 2.18 and mothball the project

[Joe Orton]

Joe, you've been warned before to moderate your language. This ends now.

It is completely unacceptable to insult other members of the community 
like this one time, let alone repeatedly. It is unproductive, 
unprofessional, and in violation of the ASF code of conduct. I've taken 
the decision as PMC chair to remove you from dev@ and you are now banned 
from posting in the future.

- Project Chair of HTTP Server, Joe Orton

Re: release apreq 2.18 and mothball the project

[Joe Schaefer]

The mediocre talent pool in this community doesn’t mind the code
duplication of having many different form data parsers inside a common code
base because, really, collaboration and common cause is not your thing.

So live it up with the user base while they ponder your architectural
rationales like this guy does:

https://stackoverflow.com/questions/60281807/get-post-request-body-and-decode-using-mod-lua-apache-http-2-4



Joe Schaefer, Ph.D.

Orion - The Enterprise Jamstack Wiki 

954.253.3732 




On Thu, Feb 15, 2024 at 8:47 PM Joe Schaefer  wrote:

> Stupid shit like this is everyone's problem:
>
> https://www.tenable.com/plugins/nessus/161454
>
> Hating me for solving it cleanly is par for the course for the current
> httpd committer community.
>
> On Thu, Feb 15, 2024 at 8:41 PM Joe Schaefer  wrote:
>
>> Back in the day, httpd was a celebrated integration point for dozens of
>> apache projects. Literally the flagship of the organization.
>>
>> It's also why people were judicious about what to include in core, versus
>> codebases remaining elsewhere in the org as third party modules.
>>
>> Of course at this point, there's no good reason to hook a dynamic
>> language into core in a non-thread-safe way.  Yet mod_lua exists.
>> If there's no good reason to hook a thread-safe httpd-specific HTML form
>> parser technology into the mix, what is mod_dav doing in here?
>>
>> The obvious answer is because peevishness rules the day at Apache.  Very
>> Important People's pet projects have staying power, not because users
>> demand it, but because the personalities behind them would give you serious
>> shit for discarding the module on a whim.
>>
>> All I ask for is to be able to bow out and never return to this group
>> again.
>>
>>
>>
>> On Thu, Feb 15, 2024 at 8:20 PM Joe Schaefer  wrote:
>>
>>> The proof is in the pudding, as it were.
>>>
>>> There's prima facia evidence in this very thread that he lied about ever
>>> running the test suite for apreq, because Joe wouldn't have had to patch it
>>> for him 8 months later had he ever bothered in the first place.
>>>
>>> But when everyone around you is no better than that, there's
>>> participation trophies for all of you!
>>>
>>> On Thu, Feb 15, 2024 at 8:17 PM Eric Covener  wrote:
>>>
 > And because you are such a prima donna Yann

 Yann is an amazing programmer and super easy to work with. Maybe it's
 hard to tell from the backseat.

>>>

Re: release apreq 2.18 and mothball the project

[Joe Schaefer]

Stupid shit like this is everyone's problem:

https://www.tenable.com/plugins/nessus/161454

Hating me for solving it cleanly is par for the course for the current
httpd committer community.

On Thu, Feb 15, 2024 at 8:41 PM Joe Schaefer  wrote:

> Back in the day, httpd was a celebrated integration point for dozens of
> apache projects. Literally the flagship of the organization.
>
> It's also why people were judicious about what to include in core, versus
> codebases remaining elsewhere in the org as third party modules.
>
> Of course at this point, there's no good reason to hook a dynamic language
> into core in a non-thread-safe way.  Yet mod_lua exists.
> If there's no good reason to hook a thread-safe httpd-specific HTML form
> parser technology into the mix, what is mod_dav doing in here?
>
> The obvious answer is because peevishness rules the day at Apache.  Very
> Important People's pet projects have staying power, not because users
> demand it, but because the personalities behind them would give you serious
> shit for discarding the module on a whim.
>
> All I ask for is to be able to bow out and never return to this group
> again.
>
>
>
> On Thu, Feb 15, 2024 at 8:20 PM Joe Schaefer  wrote:
>
>> The proof is in the pudding, as it were.
>>
>> There's prima facia evidence in this very thread that he lied about ever
>> running the test suite for apreq, because Joe wouldn't have had to patch it
>> for him 8 months later had he ever bothered in the first place.
>>
>> But when everyone around you is no better than that, there's
>> participation trophies for all of you!
>>
>> On Thu, Feb 15, 2024 at 8:17 PM Eric Covener  wrote:
>>
>>> > And because you are such a prima donna Yann
>>>
>>> Yann is an amazing programmer and super easy to work with. Maybe it's
>>> hard to tell from the backseat.
>>>
>>

Re: release apreq 2.18 and mothball the project

[Joe Schaefer]

Back in the day, httpd was a celebrated integration point for dozens of
apache projects. Literally the flagship of the organization.

It's also why people were judicious about what to include in core, versus
codebases remaining elsewhere in the org as third party modules.

Of course at this point, there's no good reason to hook a dynamic language
into core in a non-thread-safe way.  Yet mod_lua exists.
If there's no good reason to hook a thread-safe httpd-specific HTML form
parser technology into the mix, what is mod_dav doing in here?

The obvious answer is because peevishness rules the day at Apache.  Very
Important People's pet projects have staying power, not because users
demand it, but because the personalities behind them would give you serious
shit for discarding the module on a whim.

All I ask for is to be able to bow out and never return to this group again.



On Thu, Feb 15, 2024 at 8:20 PM Joe Schaefer  wrote:

> The proof is in the pudding, as it were.
>
> There's prima facia evidence in this very thread that he lied about ever
> running the test suite for apreq, because Joe wouldn't have had to patch it
> for him 8 months later had he ever bothered in the first place.
>
> But when everyone around you is no better than that, there's participation
> trophies for all of you!
>
> On Thu, Feb 15, 2024 at 8:17 PM Eric Covener  wrote:
>
>> > And because you are such a prima donna Yann
>>
>> Yann is an amazing programmer and super easy to work with. Maybe it's
>> hard to tell from the backseat.
>>
>

Re: release apreq 2.18 and mothball the project

[Joe Schaefer]

The proof is in the pudding, as it were.

There's prima facia evidence in this very thread that he lied about ever
running the test suite for apreq, because Joe wouldn't have had to patch it
for him 8 months later had he ever bothered in the first place.

But when everyone around you is no better than that, there's participation
trophies for all of you!

On Thu, Feb 15, 2024 at 8:17 PM Eric Covener  wrote:

> > And because you are such a prima donna Yann
>
> Yann is an amazing programmer and super easy to work with. Maybe it's hard
> to tell from the backseat.
>

Re: release apreq 2.18 and mothball the project

[Eric Covener]

> And because you are such a prima donna Yann

Yann is an amazing programmer and super easy to work with. Maybe it's hard
to tell from the backseat.

Re: release apreq 2.18 and mothball the project

[Joe Schaefer]

 The nightmare scenario is when you try to support HTTP/3 when you can’t
even support an HTML form parser.

Have an appropriate amount of fun. Popcorn is popping.

Joe Schaefer, Ph.D.

Orion - The Enterprise Jamstack Wiki 

954.253.3732 




On Thu, Feb 15, 2024 at 7:36 PM Joe Schaefer  wrote:

> The reason the QA around httpd is so lousy lately is because none of you
> actually dogfood the software professionally, because no Fortune 500
> employer would be caught dead running httpd over nginx in the cloud.
>
> That historically lackadaisical approach to CI has no business persisting
> now that you are on GitHub.
>
> And yet it persists.
>
> It also is why you guinea pig your user base instead of respecting them,
> because you aren’t a part of that community any more.
>
> And it shows with each new dud delivered to the apreq user base over the
> past decade.
>
> So let’s end this fiasco ASAP.
>
> Joe Schaefer, Ph.D.
> 
> Orion - The Enterprise Jamstack Wiki
> 
> 
> 954.253.3732 
>
>
>
>
> On Thu, Feb 15, 2024 at 7:08 PM Joe Schaefer  wrote:
>
>> Keep your tone policing off list wise guy. If you have something of
>> substance to offer to your colleagues other than defensive posturing, let’s
>> have it.
>>
>> Like all these vacuous bug reports missing from the issue tracker about
>> apreq, that you rumor mongers like to scare people with.
>>
>> Joe Schaefer, Ph.D.
>> 
>> Orion - The Enterprise Jamstack Wiki
>> 
>> 
>> 954.253.3732 
>>
>>
>>
>>
>> On Thu, Feb 15, 2024 at 7:03 PM Frank Gingras  wrote:
>>
>>>
>>>
>>> On Thu, Feb 15, 2024 at 5:47 PM Joe Schaefer  wrote:
>>>
 Nobody gives a flying f what you released from trunk. I personally will
 be dead and buried before you release httpd 3.0.  So like you I don’t give
 a damned what you do with it.

 I just want the warfare against existing libapreq2 users to cease and
 desist.

 If there are known vulnerabilities in the existing codebase, you have a
 professional obligation to report them to the security team, who have
 assured me they will send them my way for proper handling by a competent
 engineer.

 None have been forthcoming, so that’s reason to release 2.18 as-is and
 mothball the subproject so we need not deal with each other again over it.

 Thanks

 Joe Schaefer, Ph.D.
 
 Orion - The Enterprise Jamstack Wiki
 
 
 954.253.3732 




 On Thu, Feb 15, 2024 at 5:17 PM Eric Covener  wrote:

> On Wed, Feb 14, 2024 at 11:57 PM Joe Schaefer 
> wrote:
>
>> Twenty years in core, with one bug to fix.
>> And you couldn’t even manage without three different botched releases.
>>
>
> I think you are mixing up apreq and httpd releases here.
> AIUI the apreq stuff in the core of httpd-trunk has only ever been in
> one alpha release, and predates the regression.
>
> I'll keep any advice about an apreq release to myself, good luck and
> please be mindful of the CoC
> https://www.apache.org/foundation/policies/conduct
>
>
>>> Respectfully, the tone of that response was unwarranted. There are
>>> better ways to express your opinion that don't require attacks, and
>>> cynicism.
>>>
>>

Re: release apreq 2.18 and mothball the project

[Joe Schaefer]

The reason the QA around httpd is so lousy lately is because none of you
actually dogfood the software professionally, because no Fortune 500
employer would be caught dead running httpd over nginx in the cloud.

That historically lackadaisical approach to CI has no business persisting
now that you are on GitHub.

And yet it persists.

It also is why you guinea pig your user base instead of respecting them,
because you aren’t a part of that community any more.

And it shows with each new dud delivered to the apreq user base over the
past decade.

So let’s end this fiasco ASAP.

Joe Schaefer, Ph.D.

Orion - The Enterprise Jamstack Wiki 

954.253.3732 




On Thu, Feb 15, 2024 at 7:08 PM Joe Schaefer  wrote:

> Keep your tone policing off list wise guy. If you have something of
> substance to offer to your colleagues other than defensive posturing, let’s
> have it.
>
> Like all these vacuous bug reports missing from the issue tracker about
> apreq, that you rumor mongers like to scare people with.
>
> Joe Schaefer, Ph.D.
> 
> Orion - The Enterprise Jamstack Wiki
> 
> 
> 954.253.3732 
>
>
>
>
> On Thu, Feb 15, 2024 at 7:03 PM Frank Gingras  wrote:
>
>>
>>
>> On Thu, Feb 15, 2024 at 5:47 PM Joe Schaefer  wrote:
>>
>>> Nobody gives a flying f what you released from trunk. I personally will
>>> be dead and buried before you release httpd 3.0.  So like you I don’t give
>>> a damned what you do with it.
>>>
>>> I just want the warfare against existing libapreq2 users to cease and
>>> desist.
>>>
>>> If there are known vulnerabilities in the existing codebase, you have a
>>> professional obligation to report them to the security team, who have
>>> assured me they will send them my way for proper handling by a competent
>>> engineer.
>>>
>>> None have been forthcoming, so that’s reason to release 2.18 as-is and
>>> mothball the subproject so we need not deal with each other again over it.
>>>
>>> Thanks
>>>
>>> Joe Schaefer, Ph.D.
>>> 
>>> Orion - The Enterprise Jamstack Wiki
>>> 
>>> 
>>> 954.253.3732 
>>>
>>>
>>>
>>>
>>> On Thu, Feb 15, 2024 at 5:17 PM Eric Covener  wrote:
>>>
 On Wed, Feb 14, 2024 at 11:57 PM Joe Schaefer 
 wrote:

> Twenty years in core, with one bug to fix.
> And you couldn’t even manage without three different botched releases.
>

 I think you are mixing up apreq and httpd releases here.
 AIUI the apreq stuff in the core of httpd-trunk has only ever been in
 one alpha release, and predates the regression.

 I'll keep any advice about an apreq release to myself, good luck and
 please be mindful of the CoC
 https://www.apache.org/foundation/policies/conduct


>> Respectfully, the tone of that response was unwarranted. There are better
>> ways to express your opinion that don't require attacks, and cynicism.
>>
>

Re: release apreq 2.18 and mothball the project

[Joe Schaefer]

Keep your tone policing off list wise guy. If you have something of
substance to offer to your colleagues other than defensive posturing, let’s
have it.

Like all these vacuous bug reports missing from the issue tracker about
apreq, that you rumor mongers like to scare people with.

Joe Schaefer, Ph.D.

Orion - The Enterprise Jamstack Wiki 

954.253.3732 




On Thu, Feb 15, 2024 at 7:03 PM Frank Gingras  wrote:

>
>
> On Thu, Feb 15, 2024 at 5:47 PM Joe Schaefer  wrote:
>
>> Nobody gives a flying f what you released from trunk. I personally will
>> be dead and buried before you release httpd 3.0.  So like you I don’t give
>> a damned what you do with it.
>>
>> I just want the warfare against existing libapreq2 users to cease and
>> desist.
>>
>> If there are known vulnerabilities in the existing codebase, you have a
>> professional obligation to report them to the security team, who have
>> assured me they will send them my way for proper handling by a competent
>> engineer.
>>
>> None have been forthcoming, so that’s reason to release 2.18 as-is and
>> mothball the subproject so we need not deal with each other again over it.
>>
>> Thanks
>>
>> Joe Schaefer, Ph.D.
>> 
>> Orion - The Enterprise Jamstack Wiki
>> 
>> 
>> 954.253.3732 
>>
>>
>>
>>
>> On Thu, Feb 15, 2024 at 5:17 PM Eric Covener  wrote:
>>
>>> On Wed, Feb 14, 2024 at 11:57 PM Joe Schaefer 
>>> wrote:
>>>
 Twenty years in core, with one bug to fix.
 And you couldn’t even manage without three different botched releases.

>>>
>>> I think you are mixing up apreq and httpd releases here.
>>> AIUI the apreq stuff in the core of httpd-trunk has only ever been in
>>> one alpha release, and predates the regression.
>>>
>>> I'll keep any advice about an apreq release to myself, good luck and
>>> please be mindful of the CoC
>>> https://www.apache.org/foundation/policies/conduct
>>>
>>>
> Respectfully, the tone of that response was unwarranted. There are better
> ways to express your opinion that don't require attacks, and cynicism.
>

Re: release apreq 2.18 and mothball the project

[Frank Gingras]

On Thu, Feb 15, 2024 at 5:47 PM Joe Schaefer  wrote:

> Nobody gives a flying f what you released from trunk. I personally will be
> dead and buried before you release httpd 3.0.  So like you I don’t give a
> damned what you do with it.
>
> I just want the warfare against existing libapreq2 users to cease and
> desist.
>
> If there are known vulnerabilities in the existing codebase, you have a
> professional obligation to report them to the security team, who have
> assured me they will send them my way for proper handling by a competent
> engineer.
>
> None have been forthcoming, so that’s reason to release 2.18 as-is and
> mothball the subproject so we need not deal with each other again over it.
>
> Thanks
>
> Joe Schaefer, Ph.D.
> 
> Orion - The Enterprise Jamstack Wiki
> 
> 
> 954.253.3732 
>
>
>
>
> On Thu, Feb 15, 2024 at 5:17 PM Eric Covener  wrote:
>
>> On Wed, Feb 14, 2024 at 11:57 PM Joe Schaefer  wrote:
>>
>>> Twenty years in core, with one bug to fix.
>>> And you couldn’t even manage without three different botched releases.
>>>
>>
>> I think you are mixing up apreq and httpd releases here.
>> AIUI the apreq stuff in the core of httpd-trunk has only ever been in one
>> alpha release, and predates the regression.
>>
>> I'll keep any advice about an apreq release to myself, good luck and
>> please be mindful of the CoC
>> https://www.apache.org/foundation/policies/conduct
>>
>>
Respectfully, the tone of that response was unwarranted. There are better
ways to express your opinion that don't require attacks, and cynicism.

Re: release apreq 2.18 and mothball the project

[Joe Schaefer]

Nobody gives a flying f what you released from trunk. I personally will be
dead and buried before you release httpd 3.0.  So like you I don’t give a
damned what you do with it.

I just want the warfare against existing libapreq2 users to cease and
desist.

If there are known vulnerabilities in the existing codebase, you have a
professional obligation to report them to the security team, who have
assured me they will send them my way for proper handling by a competent
engineer.

None have been forthcoming, so that’s reason to release 2.18 as-is and
mothball the subproject so we need not deal with each other again over it.

Thanks

Joe Schaefer, Ph.D.

Orion - The Enterprise Jamstack Wiki 

954.253.3732 




On Thu, Feb 15, 2024 at 5:17 PM Eric Covener  wrote:

> On Wed, Feb 14, 2024 at 11:57 PM Joe Schaefer  wrote:
>
>> Twenty years in core, with one bug to fix.
>> And you couldn’t even manage without three different botched releases.
>>
>
> I think you are mixing up apreq and httpd releases here.
> AIUI the apreq stuff in the core of httpd-trunk has only ever been in one
> alpha release, and predates the regression.
>
> I'll keep any advice about an apreq release to myself, good luck and
> please be mindful of the CoC
> https://www.apache.org/foundation/policies/conduct
>
>

Re: release apreq 2.18 and mothball the project

[Eric Covener]

On Wed, Feb 14, 2024 at 11:57 PM Joe Schaefer  wrote:

> Twenty years in core, with one bug to fix.
> And you couldn’t even manage without three different botched releases.
>

I think you are mixing up apreq and httpd releases here.
AIUI the apreq stuff in the core of httpd-trunk has only ever been in one
alpha release, and predates the regression.

I'll keep any advice about an apreq release to myself, good luck and please
be mindful of the CoC https://www.apache.org/foundation/policies/conduct

Re: release apreq 2.18 and mothball the project

[Joe Schaefer]

Let's be honest for once Yann. You came up with this hairbrained patch over
2 years ago right here:

https://svn.apache.org/viewvc?view=revision=1895107

Yet the first time anyone actually ran the unit tests for apreq was during
the 2.17 release process **8 months later**.  And because you are such a
prima donna Yann, Joe Orton (who I always respect) would rather remove the
test that flagged your patch, just so he could get the damned thing out the
door without dealing with you further.

Instead, he had to deal with me.   Tradeoffs are everywhere in life.


On Thu, Feb 15, 2024 at 2:41 PM Joe Schaefer  wrote:

> You mean the 2.17 release, where Joe Orton actually patched the test suite
> out of your coercion?
>
> Great engineering.
>
> http://svn.apache.org/viewvc?view=revision=1903489
>
>
> Joe Schaefer, Ph.D.
> 
> Orion - The Enterprise Jamstack Wiki
> 
> 
> 954.253.3732 
>
>
>
>
> On Thu, Feb 15, 2024 at 2:13 PM Yann Ylavic  wrote:
>
>> On Thu, Feb 15, 2024 at 5:12 AM Joe Schaefer wrote:
>> >
>> > I gave you beta males an entire year
>>
>> His Alpha Most Serene Highness is too kind to us..
>>
>> > to find an excuse for completely boning the modperl user community for
>> no good reason,
>>
>> _You_ did that (boning the modperl user community), by spitting your
>> venom on everyone here (and in all the forums) and nothing else.
>> You, as a member of the httpd team, could have fixed it and
>> started/encouraged a new release with the one-liner fix, yet your
>> first/primary point was to insult others for having touched your
>> (alphally broken) code and introduced a (betally edge) regression,
>> which His Alpha Most Serene Highness' test suite didn't caught btw.
>>
>> > So far, the only thing to come of putting apreq inside httpd is that
>> third party quality control teams put some elbow grease into fuzzing its
>> various parsers and found a sore spot that you bland engineers felt put
>> upon to fix.  And so you botched that patch too, largely out of spite for
>> the makework.
>>
>> Actually it did find multiple sore spots, otherwise you can imagine
>> that we plebs would never have dared to touch as much of His Alpha
>> Most Serene Highness' code.
>>
>

Re: release apreq 2.18 and mothball the project

[Joe Schaefer]

You mean the 2.17 release, where Joe Orton actually patched the test suite
out of your coercion?

Great engineering.

http://svn.apache.org/viewvc?view=revision=1903489


Joe Schaefer, Ph.D.

Orion - The Enterprise Jamstack Wiki 

954.253.3732 




On Thu, Feb 15, 2024 at 2:13 PM Yann Ylavic  wrote:

> On Thu, Feb 15, 2024 at 5:12 AM Joe Schaefer wrote:
> >
> > I gave you beta males an entire year
>
> His Alpha Most Serene Highness is too kind to us..
>
> > to find an excuse for completely boning the modperl user community for
> no good reason,
>
> _You_ did that (boning the modperl user community), by spitting your
> venom on everyone here (and in all the forums) and nothing else.
> You, as a member of the httpd team, could have fixed it and
> started/encouraged a new release with the one-liner fix, yet your
> first/primary point was to insult others for having touched your
> (alphally broken) code and introduced a (betally edge) regression,
> which His Alpha Most Serene Highness' test suite didn't caught btw.
>
> > So far, the only thing to come of putting apreq inside httpd is that
> third party quality control teams put some elbow grease into fuzzing its
> various parsers and found a sore spot that you bland engineers felt put
> upon to fix.  And so you botched that patch too, largely out of spite for
> the makework.
>
> Actually it did find multiple sore spots, otherwise you can imagine
> that we plebs would never have dared to touch as much of His Alpha
> Most Serene Highness' code.
>

Re: release apreq 2.18 and mothball the project

[Yann Ylavic]

On Thu, Feb 15, 2024 at 5:12 AM Joe Schaefer wrote:
>
> I gave you beta males an entire year

His Alpha Most Serene Highness is too kind to us..

> to find an excuse for completely boning the modperl user community for no 
> good reason,

_You_ did that (boning the modperl user community), by spitting your
venom on everyone here (and in all the forums) and nothing else.
You, as a member of the httpd team, could have fixed it and
started/encouraged a new release with the one-liner fix, yet your
first/primary point was to insult others for having touched your
(alphally broken) code and introduced a (betally edge) regression,
which His Alpha Most Serene Highness' test suite didn't caught btw.

> So far, the only thing to come of putting apreq inside httpd is that third 
> party quality control teams put some elbow grease into fuzzing its various 
> parsers and found a sore spot that you bland engineers felt put upon to fix.  
> And so you botched that patch too, largely out of spite for the makework.

Actually it did find multiple sore spots, otherwise you can imagine
that we plebs would never have dared to touch as much of His Alpha
Most Serene Highness' code.

Re: release apreq 2.18 and mothball the project

[Joe Schaefer]

Twenty years in core, with one bug to fix.
And you couldn’t even manage without three different botched releases.

Please, for the love of its users, stop fixing it.

Joe Schaefer, Ph.D.

Orion - The Enterprise Jamstack Wiki 

954.253.3732 




On Wed, Feb 14, 2024 at 11:12 PM Joe Schaefer  wrote:

> Look Eric,
>
> I gave you beta males an entire year to find an excuse for completely
> boning the modperl user community for no good reason, other than your
> precious egos were harmed while going though the motions for the past ten
> years with this project.
>
> So far, the only thing to come of putting apreq inside httpd is that third
> party quality control teams put some elbow grease into fuzzing its various
> parsers and found a sore spot that you bland engineers felt put upon to
> fix.  And so you botched that patch too, largely out of spite for the
> makework.
>
> There’s a reason the Dean Gaudet‘s of the development sector lost interest
> in hanging out with the weenie tot brigade people like Eric represent.
>
> It’s why I want out now too.
>
>
> Joe Schaefer, Ph.D.
> 
> Orion - The Enterprise Jamstack Wiki
> 
> 
> 954.253.3732 
>
>
>
>
> On Wed, Feb 14, 2024 at 10:33 PM Joe Schaefer  wrote:
>
>> Bite me Eric.
>>
>> Next?
>>
>>
>> Joe Schaefer, Ph.D.
>> 
>> Orion - The Enterprise Jamstack Wiki
>> 
>> 
>> 954.253.3732 
>>
>>
>>
>>
>> On Wed, Feb 14, 2024 at 10:25 PM Eric Covener  wrote:
>>
>>> On Wed, Feb 14, 2024 at 1:45 PM Joe Schaefer  wrote:
>>> >
>>> > Assuming Google hasn't found any more fuzzing vulnerabilities with
>>> apreq, we should call the subproject done after releasing it, rolling any
>>> new efforts into httpd's internal copy of the codebase for the next major
>>> release of httpd.
>>> >
>>> > Sound like a plan?  I can get the ball rolling on the RM process
>>> assuming I still have working login (or can reacquire it via pw reset.
>>>
>>> I think another apreq release makes sense.
>>>
>>> But from the few relevant threads over the years (many on private
>>> lists), there seems to be little maintainer support for apreq much
>>> less apreq embedded in httpd. If there ever were a release branched
>>> from trunk, I don't think it's likely the embedded apreq would
>>> survive.  I think it's a big consideration for what's done with the
>>> standalone tree.
>>>
>>

Re: release apreq 2.18 and mothball the project

[Joe Schaefer]

Look Eric,

I gave you beta males an entire year to find an excuse for completely
boning the modperl user community for no good reason, other than your
precious egos were harmed while going though the motions for the past ten
years with this project.

So far, the only thing to come of putting apreq inside httpd is that third
party quality control teams put some elbow grease into fuzzing its various
parsers and found a sore spot that you bland engineers felt put upon to
fix.  And so you botched that patch too, largely out of spite for the
makework.

There’s a reason the Dean Gaudet‘s of the development sector lost interest
in hanging out with the weenie tot brigade people like Eric represent.

It’s why I want out now too.

Joe Schaefer, Ph.D.

Orion - The Enterprise Jamstack Wiki 

954.253.3732 




On Wed, Feb 14, 2024 at 10:33 PM Joe Schaefer  wrote:

> Bite me Eric.
>
> Next?
>
>
> Joe Schaefer, Ph.D.
> 
> Orion - The Enterprise Jamstack Wiki
> 
> 
> 954.253.3732 
>
>
>
>
> On Wed, Feb 14, 2024 at 10:25 PM Eric Covener  wrote:
>
>> On Wed, Feb 14, 2024 at 1:45 PM Joe Schaefer  wrote:
>> >
>> > Assuming Google hasn't found any more fuzzing vulnerabilities with
>> apreq, we should call the subproject done after releasing it, rolling any
>> new efforts into httpd's internal copy of the codebase for the next major
>> release of httpd.
>> >
>> > Sound like a plan?  I can get the ball rolling on the RM process
>> assuming I still have working login (or can reacquire it via pw reset.
>>
>> I think another apreq release makes sense.
>>
>> But from the few relevant threads over the years (many on private
>> lists), there seems to be little maintainer support for apreq much
>> less apreq embedded in httpd. If there ever were a release branched
>> from trunk, I don't think it's likely the embedded apreq would
>> survive.  I think it's a big consideration for what's done with the
>> standalone tree.
>>
>

Re: release apreq 2.18 and mothball the project

[Joe Schaefer]

Bite me Eric.

Next?

Joe Schaefer, Ph.D.

Orion - The Enterprise Jamstack Wiki 

954.253.3732 




On Wed, Feb 14, 2024 at 10:25 PM Eric Covener  wrote:

> On Wed, Feb 14, 2024 at 1:45 PM Joe Schaefer  wrote:
> >
> > Assuming Google hasn't found any more fuzzing vulnerabilities with
> apreq, we should call the subproject done after releasing it, rolling any
> new efforts into httpd's internal copy of the codebase for the next major
> release of httpd.
> >
> > Sound like a plan?  I can get the ball rolling on the RM process
> assuming I still have working login (or can reacquire it via pw reset.
>
> I think another apreq release makes sense.
>
> But from the few relevant threads over the years (many on private
> lists), there seems to be little maintainer support for apreq much
> less apreq embedded in httpd. If there ever were a release branched
> from trunk, I don't think it's likely the embedded apreq would
> survive.  I think it's a big consideration for what's done with the
> standalone tree.
>

Re: release apreq 2.18 and mothball the project

[Eric Covener]

On Wed, Feb 14, 2024 at 1:45 PM Joe Schaefer  wrote:
>
> Assuming Google hasn't found any more fuzzing vulnerabilities with apreq, we 
> should call the subproject done after releasing it, rolling any new efforts 
> into httpd's internal copy of the codebase for the next major release of 
> httpd.
>
> Sound like a plan?  I can get the ball rolling on the RM process assuming I 
> still have working login (or can reacquire it via pw reset.

I think another apreq release makes sense.

But from the few relevant threads over the years (many on private
lists), there seems to be little maintainer support for apreq much
less apreq embedded in httpd. If there ever were a release branched
from trunk, I don't think it's likely the embedded apreq would
survive.  I think it's a big consideration for what's done with the
standalone tree.

release apreq 2.18 and mothball the project

[Joe Schaefer]

Assuming Google hasn't found any more fuzzing vulnerabilities with apreq,
we should call the subproject done after releasing it, rolling any new
efforts into httpd's internal copy of the codebase for the next major
release of httpd.

Sound like a plan?  I can get the ball rolling on the RM process assuming I
still have working login (or can reacquire it via pw reset.

-- 
Joe Schaefer, Ph.D.

Orion - The Enterprise Jamstack Wiki 

954.253.3732