You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Rob Hartill <ha...@ooo.lanl.gov> on 1995/03/15 21:21:24 UTC

patch list vote

Here are my votes for the current patch list shown at
  http://www.hyperreal.com/httpd/patchgen/list.cgi

I'll use a vote of 
   -1 have a problem with it
    0 haven't tested it yet (failed to understand it or whatever)
   +1 tried it, liked it, have no problem with it.



B1:  The stack-scribbling security hole
vote: +1   (when used with David's config mallocs)
      -1   (when used without " " ")

B2:  SO_LINGER set on client sockets
vote: +1   (I didn't know what the problem was, but I'm happy with
             the explanations I've seen)

B3:  Server always pauses 3 seconds for scripts
vote: -1   (this patch is redundant)

B4:  <!--#config timefmt --> server-side include doesn't always take
vote: -1   (I've seen conflicting patches for this, I need to
             look more carefully at both "solutions"
            Nicholas forwarded a multi-line patch.
            Robert Evans has a 1 line patch.

B5:  XBITHACK not honored on (!--#include--)ed files
vote: 0    (I've looked at it, but didn't think while looking)

B6:  access files written w/o O_APPEND
vote: 0    (I haven't seen any code for this yet)

B7:  Allow directive redundant
vote: +1   (if that's in "patch.allow_then_deny")
vote: 0    (otherwsie)

B8:  numeric UID fails unless UID in passwd file
vote: 0    (haven't seen code)

P9:  initgroups() done once per connection
vote: +1   

P10: MIME headers read 1 character at a time
vote: 0    (haven't seen code)

P11: open_locale() and tzset() done once per connect
vote: +1 

P12: Shared-memory name server cache
vote: -1   (couldn't compile it on HP-UX)

P14: DBM-based user databases for HTTP authentication
vote: 0    (haven't seen code)

E15: add new CGI variables
vote: -1   (need to discuss consequences on CGI spec)

E16: Allow any URL to invoke a script
vote: 0    (haven't seen the code)
vote: -1   (if it isn't a compile time option)

B17: raise queue size in listen()
vote: -1   (there are kernel issues here, I have no argument with
             the patch, but I'd like to see it more portable first)

B18: Status; 302 should work, and doesn't
vote: +1

B19: Embedded blanks in headers don't work
vote: 0    (haven't seen the code)

E20: Add multi-homed server support
vote: 0   (haven't seen the code)

O21: 'Timeout' config setting missing from httpd.conf
vote: 0   (trivial)

B22:  Fix another stack scribbling hole
vote: 0   (haven't seen the code)

B23:  AddType for *.cgi, *.shtml won't work in .htaccess
vote: 0   (haven't seen the code)

E24:  Adds content-type negotiation
vote: -1  (still under development)

E25:  Custom error responses
vote: +1


         
If I've said "I haven't seen the code" that doesn't mean it
doesn't exist, it's proabably not obvious which patch this
refers to - we need the patch number in the filenames.

If this voting scheme makes sense, lets use it to filter out
the stuff we're happy with.
A "-1" vote should veto any patch. There seems to be about 6 or
7 of us activly commenting on patches, so I'd suggest that
once a patch gets a vote of +4 (with no vetos), we can add it
to an alpha.


rob

Re: patch list vote

Posted by Brian Behlendorf <br...@wired.com>.

On Wed, 15 Mar 1995, Rob Hartill wrote:
> Here are my votes for the current patch list shown at
>   http://www.hyperreal.com/httpd/patchgen/list.cgi

And here are mine.  Sorry for the delay, as with the rest of you dealing 
with the volume of mail here and elsewhere has proven to be... an 
interesting challenge.

> B1:  The stack-scribbling security hole
+1, but make it an IFDEF.  Later patches reduce its impact but don't 
ameliorate it.

> B2:  SO_LINGER set on client sockets
> vote: +1   (I didn't know what the problem was, but I'm happy with
>              the explanations I've seen)
+1 here as well.
I have a SO_KEEPALIVE patch I need to submit. arg.

> B3:  Server always pauses 3 seconds for scripts
> vote: -1   (this patch is redundant)
-1 as well.

> B4:  <!--#config timefmt --> server-side include doesn't always take
> vote: -1   (I've seen conflicting patches for this, I need to
>              look more carefully at both "solutions"
>             Nicholas forwarded a multi-line patch.
>             Robert Evans has a 1 line patch.
0 - I don't have a problem believing that two patches solve the same 
problem in equally correct ways ;) 

> B5:  XBITHACK not honored on (!--#include--)ed files
> vote: 0    (I've looked at it, but didn't think while looking)
+1 - the code compiled and worked as advertised.

> B6:  access files written w/o O_APPEND
> vote: 0    (I haven't seen any code for this yet)
+1, with Roy's updated patch as of yesterday.

> B7:  Allow directive redundant
> vote: +1   (if that's in "patch.allow_then_deny")
> vote: 0    (otherwsie)
+1.

> B8:  numeric UID fails unless UID in passwd file
> vote: 0    (haven't seen code)
Obsoleted by B18

> P9:  initgroups() done once per connection
> vote: +1   
+1

> P10: MIME headers read 1 character at a time
> vote: 0    (haven't seen code)
+1

> P11: open_locale() and tzset() done once per connect
> vote: +1 
+1

> P12: Shared-memory name server cache
> vote: -1   (couldn't compile it on HP-UX)
0 - I'd give it +1 but I don't know enough about the portability issues 
to be decisive.  Also, this is more than a small patch, and waiting for 
NCSA's 1.4 might be good in this case.

> P14: DBM-based user databases for HTTP authentication
> vote: 0    (haven't seen code)
0 too - this can wait.

> E15: add new CGI variables
> vote: -1   (need to discuss consequences on CGI spec)
0 - I see the need for standardization, and I can always put the patch in 
for my own needs.

> E16: Allow any URL to invoke a script
> vote: 0    (haven't seen the code)
> vote: -1   (if it isn't a compile time option)
0 - I think this is obsoleted by rst's content negotiation stuff.

> B17: raise queue size in listen()
> vote: -1   (there are kernel issues here, I have no argument with
>              the patch, but I'd like to see it more portable first)
+1 as long as it's a compile time option in httpd.h

> B18: Status; 302 should work, and doesn't
> vote: +1
+1

> B19: Embedded blanks in headers don't work
> vote: 0    (haven't seen the code)
> 
> E20: Add multi-homed server support
> vote: 0   (haven't seen the code)
> 
> O21: 'Timeout' config setting missing from httpd.conf
> vote: 0   (trivial)
0 on these as well.

> B22:  Fix another stack scribbling hole
> vote: 0   (haven't seen the code)
+1, as long as we're on 1.3 code we should put this in.

> B23:  AddType for *.cgi, *.shtml won't work in .htaccess
> vote: 0   (haven't seen the code)
+1, this worked fine on my server.

> E24:  Adds content-type negotiation
> vote: -1  (still under development)
-1 as well until rob thau gets another weekend :)

> E25:  Custom error responses
> vote: +1
+1

25 & 26 are the same 
27-29 are the same (some spring cleaning in order)
30&31 are in discussion still

B33-36: +1 on all of them

B37 I'll vote on when I try out the code.

Hope this puts us over the top on some of these.

	Brian

--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@hotwired.com  brian@hyperreal.com  http://www.hotwired.com/Staff/brian/