You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Rob Hartill <ha...@ooo.lanl.gov> on 1995/03/15 21:21:24 UTC
patch list vote
Here are my votes for the current patch list shown at
http://www.hyperreal.com/httpd/patchgen/list.cgi
I'll use a vote of
-1 have a problem with it
0 haven't tested it yet (failed to understand it or whatever)
+1 tried it, liked it, have no problem with it.
B1: The stack-scribbling security hole
vote: +1 (when used with David's config mallocs)
-1 (when used without " " ")
B2: SO_LINGER set on client sockets
vote: +1 (I didn't know what the problem was, but I'm happy with
the explanations I've seen)
B3: Server always pauses 3 seconds for scripts
vote: -1 (this patch is redundant)
B4: <!--#config timefmt --> server-side include doesn't always take
vote: -1 (I've seen conflicting patches for this, I need to
look more carefully at both "solutions"
Nicholas forwarded a multi-line patch.
Robert Evans has a 1 line patch.
B5: XBITHACK not honored on (!--#include--)ed files
vote: 0 (I've looked at it, but didn't think while looking)
B6: access files written w/o O_APPEND
vote: 0 (I haven't seen any code for this yet)
B7: Allow directive redundant
vote: +1 (if that's in "patch.allow_then_deny")
vote: 0 (otherwsie)
B8: numeric UID fails unless UID in passwd file
vote: 0 (haven't seen code)
P9: initgroups() done once per connection
vote: +1
P10: MIME headers read 1 character at a time
vote: 0 (haven't seen code)
P11: open_locale() and tzset() done once per connect
vote: +1
P12: Shared-memory name server cache
vote: -1 (couldn't compile it on HP-UX)
P14: DBM-based user databases for HTTP authentication
vote: 0 (haven't seen code)
E15: add new CGI variables
vote: -1 (need to discuss consequences on CGI spec)
E16: Allow any URL to invoke a script
vote: 0 (haven't seen the code)
vote: -1 (if it isn't a compile time option)
B17: raise queue size in listen()
vote: -1 (there are kernel issues here, I have no argument with
the patch, but I'd like to see it more portable first)
B18: Status; 302 should work, and doesn't
vote: +1
B19: Embedded blanks in headers don't work
vote: 0 (haven't seen the code)
E20: Add multi-homed server support
vote: 0 (haven't seen the code)
O21: 'Timeout' config setting missing from httpd.conf
vote: 0 (trivial)
B22: Fix another stack scribbling hole
vote: 0 (haven't seen the code)
B23: AddType for *.cgi, *.shtml won't work in .htaccess
vote: 0 (haven't seen the code)
E24: Adds content-type negotiation
vote: -1 (still under development)
E25: Custom error responses
vote: +1
If I've said "I haven't seen the code" that doesn't mean it
doesn't exist, it's proabably not obvious which patch this
refers to - we need the patch number in the filenames.
If this voting scheme makes sense, lets use it to filter out
the stuff we're happy with.
A "-1" vote should veto any patch. There seems to be about 6 or
7 of us activly commenting on patches, so I'd suggest that
once a patch gets a vote of +4 (with no vetos), we can add it
to an alpha.
rob
Re: patch list vote
Posted by Brian Behlendorf <br...@wired.com>.
On Wed, 15 Mar 1995, Rob Hartill wrote:
> Here are my votes for the current patch list shown at
> http://www.hyperreal.com/httpd/patchgen/list.cgi
And here are mine. Sorry for the delay, as with the rest of you dealing
with the volume of mail here and elsewhere has proven to be... an
interesting challenge.
> B1: The stack-scribbling security hole
+1, but make it an IFDEF. Later patches reduce its impact but don't
ameliorate it.
> B2: SO_LINGER set on client sockets
> vote: +1 (I didn't know what the problem was, but I'm happy with
> the explanations I've seen)
+1 here as well.
I have a SO_KEEPALIVE patch I need to submit. arg.
> B3: Server always pauses 3 seconds for scripts
> vote: -1 (this patch is redundant)
-1 as well.
> B4: <!--#config timefmt --> server-side include doesn't always take
> vote: -1 (I've seen conflicting patches for this, I need to
> look more carefully at both "solutions"
> Nicholas forwarded a multi-line patch.
> Robert Evans has a 1 line patch.
0 - I don't have a problem believing that two patches solve the same
problem in equally correct ways ;)
> B5: XBITHACK not honored on (!--#include--)ed files
> vote: 0 (I've looked at it, but didn't think while looking)
+1 - the code compiled and worked as advertised.
> B6: access files written w/o O_APPEND
> vote: 0 (I haven't seen any code for this yet)
+1, with Roy's updated patch as of yesterday.
> B7: Allow directive redundant
> vote: +1 (if that's in "patch.allow_then_deny")
> vote: 0 (otherwsie)
+1.
> B8: numeric UID fails unless UID in passwd file
> vote: 0 (haven't seen code)
Obsoleted by B18
> P9: initgroups() done once per connection
> vote: +1
+1
> P10: MIME headers read 1 character at a time
> vote: 0 (haven't seen code)
+1
> P11: open_locale() and tzset() done once per connect
> vote: +1
+1
> P12: Shared-memory name server cache
> vote: -1 (couldn't compile it on HP-UX)
0 - I'd give it +1 but I don't know enough about the portability issues
to be decisive. Also, this is more than a small patch, and waiting for
NCSA's 1.4 might be good in this case.
> P14: DBM-based user databases for HTTP authentication
> vote: 0 (haven't seen code)
0 too - this can wait.
> E15: add new CGI variables
> vote: -1 (need to discuss consequences on CGI spec)
0 - I see the need for standardization, and I can always put the patch in
for my own needs.
> E16: Allow any URL to invoke a script
> vote: 0 (haven't seen the code)
> vote: -1 (if it isn't a compile time option)
0 - I think this is obsoleted by rst's content negotiation stuff.
> B17: raise queue size in listen()
> vote: -1 (there are kernel issues here, I have no argument with
> the patch, but I'd like to see it more portable first)
+1 as long as it's a compile time option in httpd.h
> B18: Status; 302 should work, and doesn't
> vote: +1
+1
> B19: Embedded blanks in headers don't work
> vote: 0 (haven't seen the code)
>
> E20: Add multi-homed server support
> vote: 0 (haven't seen the code)
>
> O21: 'Timeout' config setting missing from httpd.conf
> vote: 0 (trivial)
0 on these as well.
> B22: Fix another stack scribbling hole
> vote: 0 (haven't seen the code)
+1, as long as we're on 1.3 code we should put this in.
> B23: AddType for *.cgi, *.shtml won't work in .htaccess
> vote: 0 (haven't seen the code)
+1, this worked fine on my server.
> E24: Adds content-type negotiation
> vote: -1 (still under development)
-1 as well until rob thau gets another weekend :)
> E25: Custom error responses
> vote: +1
+1
25 & 26 are the same
27-29 are the same (some spring cleaning in order)
30&31 are in discussion still
B33-36: +1 on all of them
B37 I'll vote on when I try out the code.
Hope this puts us over the top on some of these.
Brian
--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@hotwired.com brian@hyperreal.com http://www.hotwired.com/Staff/brian/