You are viewing a plain text version of this content. The canonical link for it is here.

Posted to modules-dev@httpd.apache.org by Tim Bray <Ti...@Sun.COM> on 2007/09/01 18:39:36 UTC

Versioning a module?

I'm getting towards the point where I'm going to bless a build of  
mod_atom as 0.5 or something and actually encourage people to use it.

So... is there a convention on how to version a module?  Presumably  
there are cases where a client would like to query the module  
version?    -Tim

Re: Versioning a module?

Posted by Ralf Mattes <rm...@seid-online.de>.

On Sat, 2007-09-01 at 09:39 -0700, Tim Bray wrote:
> I'm getting towards the point where I'm going to bless a build of  
> mod_atom as 0.5 or something and actually encourage people to use it.
> 
> So... is there a convention on how to version a module?  Presumably  
> there are cases where a client would like to query the module  
> version?  

Really? I'd guess that most often one wants/needs to query the protocol
version of a module. After all, the module version doesn't matter as
long as it behaves in a defined way. I usually emmit a protocol version
header for all modules that support a defined API/protocol. You could
require the client to do the same (i.e. send a 'X-need-foo-version: >2'
header with the request).

 Cheers, Ralf Mattes

>   -Tim

[OT] Re: Versioning a module?

Posted by Arturo 'Buanzo' Busleiman <bu...@buanzo.com.ar>.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Mads Toftum wrote:
> It used to be that you could just stick it into the server header and be
> done with it, but with recent trends of security "experts" telling
> everyone to go ServerTokens Prod, that doesn't really fly.

Typical security-through-obscurity approach. I just hate that kind of "expert". I'll see that it
does not become practice in this year's SANS TOP-20 (I've been a contributor to it for the last 4
years www.sans.org/top20)!

- --
Arturo "Buanzo" Busleiman - Consultor Independiente en Seguridad Informatica
Servicios Ofrecidos: http://www.buanzo.com.ar/pro/
Unase a los Foros GNU/Buanzo - La palabra Comunidad en su maxima expresion.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFG3cRXAlpOsGhXcE0RCo0rAJ9m58S0gNj8DYy52CYMz0Sn/54ucgCfQJ/g
P9Jz3pfhbALdJRuO0csuzXo=
=SPAA
-----END PGP SIGNATURE-----

Re: Versioning a module?

Posted by Mads Toftum <ma...@toftum.dk>.

On Sat, Sep 01, 2007 at 09:39:36AM -0700, Tim Bray wrote:
> I'm getting towards the point where I'm going to bless a build of  
> mod_atom as 0.5 or something and actually encourage people to use it.
> 
> So... is there a convention on how to version a module?  Presumably  
> there are cases where a client would like to query the module  
> version?    -Tim

It used to be that you could just stick it into the server header and be
done with it, but with recent trends of security "experts" telling
everyone to go ServerTokens Prod, that doesn't really fly.
I can't currently remember any modules that does anything like this, as
most I can think of are really the server checking up on the client.
Adding a custom header seems like the obvious choice.

vh

Mads Toftum
-- 
http://soulfood.dk