You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by André Malo <nd...@perlig.de> on 2005/06/06 18:26:21 UTC
Re: svn commit: r180333 - /httpd/httpd/branches/ssl-fips-dev
* wrowe@apache.org wrote:
> Author: wrowe
> Date: Mon Jun 6 09:22:16 2005
> New Revision: 180333
>
> URL: http://svn.apache.org/viewcvs?rev=180333&view=rev
> Log:
> Sandbox of httpd/trunk/modules/ssl/ for OpenSSL 0.9.7 fips integration
> development
>
> Added:
> httpd/httpd/branches/ssl-fips-dev/
> - copied from r180332, httpd/httpd/trunk/modules/ssl/
I'm not sure about any policy, but it seems better to me to branch off the
whole trunk, not just a subtree (you never know, what needs to be modified
finally)
... Opinions?
nd
--
Gefunden auf einer "Webdesigner"-Seite:
> Programmierung in HTML, XML, WML, CGI, FLASH <
# André Malo # http://pub.perlig.de/ #
Re: svn commit: r180333 - /httpd/httpd/branches/ssl-fips-dev
Posted by Justin Erenkrantz <ju...@erenkrantz.com>.
--On Monday, June 6, 2005 8:24 PM +0200 Sander Striker <st...@apache.org>
wrote:
> Personally I prefer entire tree branches.
Agreed. This setup is going to make it difficult to test. -- justin
Re: svn commit: r180333 - /httpd/httpd/branches/ssl-fips-dev
Posted by Sander Striker <st...@apache.org>.
William A. Rowe, Jr. wrote:
> At 11:43 AM 6/6/2005, Paul Querna wrote:
>
>>André Malo wrote:
>>
>>
>>>>Sandbox of httpd/trunk/modules/ssl/ for OpenSSL 0.9.7 fips integration
>>>>development
>>>>
>>>>Added:
>>>> httpd/httpd/branches/ssl-fips-dev/
>>>> - copied from r180332, httpd/httpd/trunk/modules/ssl/
>>>
>>>I'm not sure about any policy, but it seems better to me to branch off the whole trunk, not just a subtree (you never know, what needs to be modified finally)
>>
>>I agree with nd.
>
>
> My thinking was; 98% of the changes will be to modules/ssl code
> itself. 90% of the remainder are likely to be incidental bug
> fixes than Ben, I or anyone else working on the tree encounter.
> The other 10% is autoconf detection.
>
> Most autoconf can be localized in modules/ssl, but for the rest
> of the autoconf issues, they should be no-ops if this code is
> not adopted. E.g. detecting if libcrypto.so.fips (the signature
> hash file) exists.
>
> Contrawise, most bug fixes to head will be better reviewed if
> those of us working in this branch pick them up immediately.
> But if concensus says make this a full tree, I'll be happy to
> oblige.
Personally I prefer entire tree branches.
Sander
Re: svn commit: r180333 - /httpd/httpd/branches/ssl-fips-dev
Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
At 11:43 AM 6/6/2005, Paul Querna wrote:
>André Malo wrote:
>
>>>Sandbox of httpd/trunk/modules/ssl/ for OpenSSL 0.9.7 fips integration
>>>development
>>>
>>>Added:
>>> httpd/httpd/branches/ssl-fips-dev/
>>> - copied from r180332, httpd/httpd/trunk/modules/ssl/
>>
>>I'm not sure about any policy, but it seems better to me to branch off the whole trunk, not just a subtree (you never know, what needs to be modified finally)
>I agree with nd.
My thinking was; 98% of the changes will be to modules/ssl code
itself. 90% of the remainder are likely to be incidental bug
fixes than Ben, I or anyone else working on the tree encounter.
The other 10% is autoconf detection.
Most autoconf can be localized in modules/ssl, but for the rest
of the autoconf issues, they should be no-ops if this code is
not adopted. E.g. detecting if libcrypto.so.fips (the signature
hash file) exists.
Contrawise, most bug fixes to head will be better reviewed if
those of us working in this branch pick them up immediately.
But if concensus says make this a full tree, I'll be happy to
oblige.
Because most users in crypto-restricted environments would simply
rm -rf modules/ssl --- it's VERY important that all our crypto
code resides in that tree. That's the basis for my choice.
Bill
Re: svn commit: r180333 - /httpd/httpd/branches/ssl-fips-dev
Posted by Garrett Rooney <ro...@electricjellyfish.net>.
Paul Querna wrote:
> André Malo wrote:
>
>> * wrowe@apache.org wrote:
>>
>>
>>
>>> Author: wrowe
>>> Date: Mon Jun 6 09:22:16 2005
>>> New Revision: 180333
>>>
>>> URL: http://svn.apache.org/viewcvs?rev=180333&view=rev
>>> Log:
>>> Sandbox of httpd/trunk/modules/ssl/ for OpenSSL 0.9.7 fips integration
>>> development
>>>
>>> Added:
>>> httpd/httpd/branches/ssl-fips-dev/
>>> - copied from r180332, httpd/httpd/trunk/modules/ssl/
>>>
>>
>>
>> I'm not sure about any policy, but it seems better to me to branch off
>> the whole trunk, not just a subtree (you never know, what needs to be
>> modified finally)
>>
>> ... Opinions?
>>
>>
> I agree with nd.
Branching the whole tree is what's normally done.
If it turns out you're only actually using a small subset you can switch
just that portion of your trunk checkout to the branch, and thus avoid
the need to continuously merge all changes into the branch in order to
stay up to date, but it's way easier later on if you decide you need to
modify something outside that directory if you already have it there on
the branch.
-garrett
Re: svn commit: r180333 - /httpd/httpd/branches/ssl-fips-dev
Posted by Paul Querna <ch...@force-elite.com>.
André Malo wrote:
>* wrowe@apache.org wrote:
>
>
>
>>Author: wrowe
>>Date: Mon Jun 6 09:22:16 2005
>>New Revision: 180333
>>
>>URL: http://svn.apache.org/viewcvs?rev=180333&view=rev
>>Log:
>>Sandbox of httpd/trunk/modules/ssl/ for OpenSSL 0.9.7 fips integration
>>development
>>
>>Added:
>> httpd/httpd/branches/ssl-fips-dev/
>> - copied from r180332, httpd/httpd/trunk/modules/ssl/
>>
>>
>
>I'm not sure about any policy, but it seems better to me to branch off the
>whole trunk, not just a subtree (you never know, what needs to be modified
>finally)
>
>... Opinions?
>
>
I agree with nd.
-Paul