[VOTE] Location of aaa rewrite

[Justin Erenkrantz <je...@apache.org>]

Please vote:

[ ] Check in aaa rewrite to 2.0.
[ ] Check in aaa rewrite to 2.1.

Please realize that I don't think it's possible to maintain
backwards compatibility due to the relevant Authoritative directives.
So, a vote for 2.0 means it is okay to break backwards compatibility.

Everyone is encouraged to vote.  I believe majority wins since this
isn't a code vote, but a policy one.  (But, if someone says that
vetos apply, fine, but we may end up with dueling vetos - which then
doesn't help anyone.)

*If* we decide to place aaa under 2.1, then we can have a vote and/or
discussion on how we will approach 2.1.  -- justin

Re: [VOTE] Location of aaa rewrite

[Aaron Bannert <aa...@clove.org>]

On Tue, Sep 03, 2002 at 03:34:51PM -0700, Justin Erenkrantz wrote:
> Please vote:
> 
> [ ] Check in aaa rewrite to 2.0.
> [X] Check in aaa rewrite to 2.1.
> 
> Please realize that I don't think it's possible to maintain
> backwards compatibility due to the relevant Authoritative directives.
> So, a vote for 2.0 means it is okay to break backwards compatibility.


I'm not so concerned about breaking backward compatibility, since
eventually everyone who wants to use the latest features will have
to change their config to match. The biggest problem with working
on this in the current HEAD of the httpd-2.0 repository is _we don't
know how long it will take to stabilize_. This could very well mean
that we aren't able to make another release until the auth changes
are fully functional. This is not something I'm willing to gamble
on, especially since I'd like to see more frequent releases rather
than less frequent, and I *hate* holding up releases for "just this
one thing".

If we don't want to branch a full-on 2.1 tree, I would strongly suggest
that we at least branch a "new auth" tree so this unstable work doesn't
disrupt the rest of the tree.

my 2c,
-aaron

Re: [VOTE] Location of aaa rewrite

[Henning Brauer <hb...@bsws.de>]

On Wed, Sep 04, 2002 at 01:24:38PM +0200, Mads Toftum wrote:
> On Wed, Sep 04, 2002 at 01:07:38PM +0200, Henning Brauer wrote:
> > It's easy enough to create a 2.1 branch in CVS and developing the new auth
> > stuff there until it's stable. then syncing changes done in the 2.0 stuff in
> > and releasing 2.1 seems fair to me, opposed to destabilizing the whole 2.0
> > tree now.
> 
> I don't think people are talking about branching here - the 2.1 solution would
> be a new repository.

you are wrong.
read the last days mails again. this decision is delayed. if a majority
wants 2.0 it's obsolete anyway.

Re: [VOTE] Location of aaa rewrite

[Mads Toftum <ma...@toftum.dk>]

On Wed, Sep 04, 2002 at 01:07:38PM +0200, Henning Brauer wrote:
> It's easy enough to create a 2.1 branch in CVS and developing the new auth
> stuff there until it's stable. then syncing changes done in the 2.0 stuff in
> and releasing 2.1 seems fair to me, opposed to destabilizing the whole 2.0
> tree now.

I don't think people are talking about branching here - the 2.1 solution would
be a new repository.
Personally I don't see what the big problem is in checking it into the 2.0 repository,
the changes would be minimal on the configuration side and it should be fairly easy
to throw an error message if the server hits an old config. Looking at the docs for
1.3, there are several things that has been changed in how the config works up to .12
or even later - as long as 2.0 has no more users, the impact should be minimal.
If people are worried about this holding off a release, then why not consider what will
probably take the shortest time - stabilizing this new bit of code or getting a new
release rolled. If a new release is likely to happen within a couple of weeks, then
wait a bit - otherwise go ahead and get it in there.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

Re: [VOTE] Location of aaa rewrite

[Henning Brauer <hb...@bsws.de>]

On Wed, Sep 04, 2002 at 12:57:05PM +0200, Sander Striker wrote:
> > From: Henning Brauer [mailto:hb-apache-dev@bsws.de]
> > Sent: 04 September 2002 12:43
> 
> > On Tue, Sep 03, 2002 at 03:34:51PM -0700, Justin Erenkrantz wrote:
> > > [ ] Check in aaa rewrite to 2.0.
> > > [X] Check in aaa rewrite to 2.1.
> 
> Could you please motivate this?  We are interested in seeing
> why it should go in either 2.0 or 2.1.

It's easy enough to create a 2.1 branch in CVS and developing the new auth
stuff there until it's stable. then syncing changes done in the 2.0 stuff in
and releasing 2.1 seems fair to me, opposed to destabilizing the whole 2.0
tree now.

RE: [VOTE] Location of aaa rewrite

[Sander Striker <st...@apache.org>]

> From: Henning Brauer [mailto:hb-apache-dev@bsws.de]
> Sent: 04 September 2002 12:43

> On Tue, Sep 03, 2002 at 03:34:51PM -0700, Justin Erenkrantz wrote:
> > [ ] Check in aaa rewrite to 2.0.
> > [X] Check in aaa rewrite to 2.1.

Could you please motivate this?  We are interested in seeing
why it should go in either 2.0 or 2.1.

Thanks,

Sander

Re: [VOTE] Location of aaa rewrite

[Henning Brauer <hb...@bsws.de>]

On Tue, Sep 03, 2002 at 03:34:51PM -0700, Justin Erenkrantz wrote:
> [ ] Check in aaa rewrite to 2.0.
> [X] Check in aaa rewrite to 2.1.

Re: [VOTE] Location of aaa rewrite

[David Reid <dr...@jetnet.co.uk>]

> [X] Check in aaa rewrite to 2.0.
> [ ] Check in aaa rewrite to 2.1.

Why are we suddenly having so many damned votes...

Re: [VOTE] Location of aaa rewrite

[Brian Pane <br...@apache.org>]

rbb@apache.org wrote:

>On Tue, 3 Sep 2002, Chris Taylor wrote:
>
>  
>
>>-----BEGIN PGP SIGNED MESSAGE-----
>>Hash: SHA1
>>
>>    
>>
>>>[ ] Check in aaa rewrite to 2.0.
>>>[X] Check in aaa rewrite to 2.1.
>>>      
>>>
>>My view is that it's important to keep 2.0 stable to attract new
>>users, and breaking things all the time won't help :)
>>    
>>
>
>Can I ask a stupid question?  What have we actually broken since Apache
>2.0 went GA?  Binary compatibility?  How many functions?  How many of
>those were APR and not Apache?
>  
>

If I remember correctly, one or two releases since GA have broken
binary compatibility.  But I'm in favor of breaking it once again,
if it's for a good cause.  One technique we could use to manage
the impact on 3rd party developers and users is: release 2.0.41
with the current aaa design, and simultaneously announce that
2.0.42 will use the new design so that people have time to prepare.

Brian

Re: [VOTE] Location of aaa rewrite

[al...@foogod.com]

On Tue, Sep 03, 2002 at 06:59:38PM -0400, rbb@apache.org wrote:
> > > Can I ask a stupid question?  What have we actually broken since Apache
> > > 2.0 went GA?  Binary compatibility?  How many functions?  How many of
> > > those were APR and not Apache?
> > 
> > Sure, both source and binary compatibility were broken numerous times.
> > Check the PHP bug database for umpteen reports on each breakage.
> 
> Okay, but how is that different from early releases of 1.3?

I would like to make a small point here that just because the same things are
happening as happened before doesn't necessarily mean they're good things to
happen (either now or then).

I've heard people imply a few times now that since breaking things happened in
the early releases of 1.3, it's ok to do it in 2.0 too.  It seems to me this is
more an argument that the process for 1.3 was probably not what it should have
been, and we should try to do better in 2.x.

Also, while I agree that 2.0 can be classified still as "early adopter" stage,
I would like to point out that one of the biggest factors in determining
exactly how much _longer_ it stays in the early-adopter stage is going to be
how developmentally stable it's perceived to be by the rest of the world.
Every time we break compatibility, we are likely pushing general adoption
further into the future.

(I'm not intending to address the aaa vote with these comments, BTW, as I'm not
quite up enough on the issues to voice an opinion on that specific question.
I'm just talking about general principles that I think people should keep in
mind.)

-alex

Re: [VOTE] Location of aaa rewrite

[rb...@apache.org]

On Tue, 3 Sep 2002, Rasmus Lerdorf wrote:

> > On Tue, 3 Sep 2002, Rasmus Lerdorf wrote:
> >
> > > > On Tue, 3 Sep 2002, Chris Taylor wrote:
> > > >
> > > > > -----BEGIN PGP SIGNED MESSAGE-----
> > > > > Hash: SHA1
> > > > >
> > > > > > [ ] Check in aaa rewrite to 2.0.
> > > > > > [X] Check in aaa rewrite to 2.1.
> > > > >
> > > > > My view is that it's important to keep 2.0 stable to attract new
> > > > > users, and breaking things all the time won't help :)
> > > >
> > > > Can I ask a stupid question?  What have we actually broken since Apache
> > > > 2.0 went GA?  Binary compatibility?  How many functions?  How many of
> > > > those were APR and not Apache?
> > >
> > > Sure, both source and binary compatibility were broken numerous times.
> > > Check the PHP bug database for umpteen reports on each breakage.
> >
> > Okay, but how is that different from early releases of 1.3?
> 
> I don't know, but you asked the question which sort of implied that
> nothing had been broken.

Okay, I was actually trying to imply that while we had broken stuff, we
hadn't broken that much, and that some modules would actually still work
(Except for the MMN).

Ryan

_______________________________________________________________________________
Ryan Bloom                        	rbb@apache.org
550 Jean St
Oakland CA 94610
-------------------------------------------------------------------------------

Re: [VOTE] Location of aaa rewrite

[Rasmus Lerdorf <ra...@apache.org>]

> On Tue, 3 Sep 2002, Rasmus Lerdorf wrote:
>
> > > On Tue, 3 Sep 2002, Chris Taylor wrote:
> > >
> > > > -----BEGIN PGP SIGNED MESSAGE-----
> > > > Hash: SHA1
> > > >
> > > > > [ ] Check in aaa rewrite to 2.0.
> > > > > [X] Check in aaa rewrite to 2.1.
> > > >
> > > > My view is that it's important to keep 2.0 stable to attract new
> > > > users, and breaking things all the time won't help :)
> > >
> > > Can I ask a stupid question?  What have we actually broken since Apache
> > > 2.0 went GA?  Binary compatibility?  How many functions?  How many of
> > > those were APR and not Apache?
> >
> > Sure, both source and binary compatibility were broken numerous times.
> > Check the PHP bug database for umpteen reports on each breakage.
>
> Okay, but how is that different from early releases of 1.3?

I don't know, but you asked the question which sort of implied that
nothing had been broken.

-Rasmus

Re: [VOTE] Location of aaa rewrite

[rb...@apache.org]

On Tue, 3 Sep 2002, Rasmus Lerdorf wrote:

> > On Tue, 3 Sep 2002, Chris Taylor wrote:
> >
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> > > > [ ] Check in aaa rewrite to 2.0.
> > > > [X] Check in aaa rewrite to 2.1.
> > >
> > > My view is that it's important to keep 2.0 stable to attract new
> > > users, and breaking things all the time won't help :)
> >
> > Can I ask a stupid question?  What have we actually broken since Apache
> > 2.0 went GA?  Binary compatibility?  How many functions?  How many of
> > those were APR and not Apache?
> 
> Sure, both source and binary compatibility were broken numerous times.
> Check the PHP bug database for umpteen reports on each breakage.

Okay, but how is that different from early releases of 1.3?

Ryan

_______________________________________________________________________________
Ryan Bloom                        	rbb@apache.org
550 Jean St
Oakland CA 94610
-------------------------------------------------------------------------------

Re: [VOTE] Location of aaa rewrite

[Rasmus Lerdorf <ra...@apache.org>]

> On Tue, 3 Sep 2002, Chris Taylor wrote:
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > > [ ] Check in aaa rewrite to 2.0.
> > > [X] Check in aaa rewrite to 2.1.
> >
> > My view is that it's important to keep 2.0 stable to attract new
> > users, and breaking things all the time won't help :)
>
> Can I ask a stupid question?  What have we actually broken since Apache
> 2.0 went GA?  Binary compatibility?  How many functions?  How many of
> those were APR and not Apache?

Sure, both source and binary compatibility were broken numerous times.
Check the PHP bug database for umpteen reports on each breakage.

-Rasmus

Re: [VOTE] Location of aaa rewrite

[rb...@apache.org]

On Tue, 3 Sep 2002, Chris Taylor wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> > [ ] Check in aaa rewrite to 2.0.
> > [X] Check in aaa rewrite to 2.1.
> 
> My view is that it's important to keep 2.0 stable to attract new
> users, and breaking things all the time won't help :)

Can I ask a stupid question?  What have we actually broken since Apache
2.0 went GA?  Binary compatibility?  How many functions?  How many of
those were APR and not Apache?

Ryan

_______________________________________________________________________________
Ryan Bloom                        	rbb@apache.org
550 Jean St
Oakland CA 94610
-------------------------------------------------------------------------------

Re: [VOTE] Location of aaa rewrite

[Chris Taylor <ch...@x-bb.org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> [ ] Check in aaa rewrite to 2.0.
> [X] Check in aaa rewrite to 2.1.

My view is that it's important to keep 2.0 stable to attract new
users, and breaking things all the time won't help :)

Chris Taylor - The guy with the PS2 WebServer
Email: chris@x-bb.org - PGP: http://www.x-bb.org/chris.asc

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBPXU6ZSqf8lmE2RZkEQKSZQCfc+E2ZJr9l8YOkS/zC9Oy22jzu28An1i1
J9yD3fqag6mHNVfpDi+RRVQS
=LHJf
-----END PGP SIGNATURE-----

Re: [VOTE] Location of aaa rewrite

[Brian Pane <br...@apache.org>]

Justin Erenkrantz wrote:

>Please vote:
>
>[X] Check in aaa rewrite to 2.0.
>[ ] Check in aaa rewrite to 2.1.
>  
>

Re: [VOTE] Location of aaa rewrite

[David Shane Holden <dp...@yahoo.com>]

[ ] Check in aaa rewrite to 2.0.
[x] Check in aaa rewrite to 2.1.

Shane

Re: [VOTE] Location of aaa rewrite

[Greg Stein <gs...@lyra.org>]

On Tue, Sep 03, 2002 at 03:34:51PM -0700, Justin Erenkrantz wrote:
> Please vote:
> 
> [X] Check in aaa rewrite to 2.0.
> [ ] Check in aaa rewrite to 2.1.


----------------------

> Please realize that I don't think it's possible to maintain
> backwards compatibility due to the relevant Authoritative directives.
> So, a vote for 2.0 means it is okay to break backwards compatibility.

I think a carefully placed hack will fix the Authoritative stuff. :-)

For example, have mod_auth_basic define the directive, and have it alter its
dispatch to the different authn backends. You can certainly deprecate the
directive, but I bet it can end up working okay.

> Everyone is encouraged to vote.  I believe majority wins since this
> isn't a code vote, but a policy one.  (But, if someone says that
> vetos apply, fine, but we may end up with dueling vetos - which then
> doesn't help anyone.)

At this level, it is policy, so majority wins. When you check in code that
breaks the system, then a technical veto can arise. So you could always
state that this is advisory only :-)

Cheers,
-g

-- 
Greg Stein, http://www.lyra.org/

Re: [VOTE] Location of aaa rewrite

[Ian Holsman <ia...@apache.org>]

Jeff Trawick wrote:
> Justin Erenkrantz <je...@apache.org> writes:
> 
> 
>>[X] Check in aaa rewrite to 2.0.
>>[ ] Check in aaa rewrite to 2.1.
> 
> 
same with me.

Re: [VOTE] Location of aaa rewrite

[Jeff Trawick <tr...@attglobal.net>]

Justin Erenkrantz <je...@apache.org> writes:

> [X] Check in aaa rewrite to 2.0.
> [ ] Check in aaa rewrite to 2.1.

-- 
Jeff Trawick | trawick@attglobal.net
Born in Roswell... married an alien...

Re: [VOTE] Location of aaa rewrite

[Justin Erenkrantz <je...@apache.org>]

On Tue, Sep 03, 2002 at 04:36:58PM -0700, Joshua Slive wrote:
> Just as a crazy idea: Since you are retaining all the old APIs, shouldn't
> it be possible to distribute the current modules as mod_auth_compat and
> mod_auth_dbm_compat that users could activate to get all the old
> directives?

Eek.  Then, it would mean for some components, they would be able
to do things two different ways.  IMHO, that would only lead to code
rot and user confusion.

To make it clear, there are two phases to the grand scheme (in my
mind):

1) Split the components into auth, authn, or authz.

   The front-ends (basic, digest) would be under:     mod_auth_*
   Authentication (i.e. you are who you say you are): mod_authn_*
   Authorization (i.e. you can go where you want to): mod_authz_*

2) Switch to a provider scheme.

   This allows the code within mod_authn_* and mod_authz_* to be
   factored out to not be cut-and-pasted duplicates of each other.
   Each one has slightly different variations on the same code.
   It's a PITA.  And, we can't really do #2 until #1 is done.

For phase #1, we shift/rename files - no real gain in functionality
here.  For phase #2, we shift the APIs around.  Phase #2 is where we
get our real benefits (i.e. mod_auth_digest being able to be
something other than file-backed).

I think we can do the first part right now (gets our house in order)
and then work out how to do #2.  I already have a proof of concept
for #2 ready, but Sterling and some others have ideas on features we
can add for #2 to make it even better.  -- justin

Re: [VOTE] Location of aaa rewrite

[Joshua Slive <jo...@slive.ca>]

On Tue, 3 Sep 2002, Justin Erenkrantz wrote:

> Please realize that I don't think it's possible to maintain
> backwards compatibility due to the relevant Authoritative directives.
> So, a vote for 2.0 means it is okay to break backwards compatibility.

Just as a crazy idea: Since you are retaining all the old APIs, shouldn't
it be possible to distribute the current modules as mod_auth_compat and
mod_auth_dbm_compat that users could activate to get all the old
directives?

Joshua.

RE: [VOTE] Location of aaa rewrite

[Sander Striker <st...@apache.org>]

> From: Justin Erenkrantz [mailto:jerenkrantz@apache.org]
> Sent: 04 September 2002 00:35

> Please vote:
> 
> [X] Check in aaa rewrite to 2.0.
> [ ] Check in aaa rewrite to 2.1.
> 
> Please realize that I don't think it's possible to maintain
> backwards compatibility due to the relevant Authoritative directives.
> So, a vote for 2.0 means it is okay to break backwards compatibility.

Sander

Re: [VOTE] Location of aaa rewrite

[rb...@apache.org]

On Tue, 3 Sep 2002, Justin Erenkrantz wrote:

> Please vote:
> 
> [X] Check in aaa rewrite to 2.0.
> [ ] Check in aaa rewrite to 2.1.

Ryan