On Thu, Sep 05, 2002 at 04:41:38PM -0700, Marc Slemko wrote: > The argument would be that they would never be stabilized until they > are in HEAD since few people will use them until then.
And my counter argument is that it doesn't really matter if nobody uses it until it makes it into HEAD. This change, like all other changes made to httpd, should follow a couple simple rules: 1) If you're making a big change, post your patches. This means that you implement it as well as you can before posting. 2) Don't break the server, and if you do break it, make your fixes ASAP. Correct me if I'm wrong here, but it seems that the proposed changes are only theoretical, and that the features are not yet implemented. If this is not the case, and all the code is already there, then I completely drop my request for a branch. Someone please give me a time estimate for how long it will take to implement all the features (bugs aside). > We can make a branch for a security release after the fact, either > off the last release or off the pre-auth-change tag and then build > a security-fix-only release off that branch. Why would we branch for a security fix in lieu of just branching a sandbox for the auth developers to play in -- in the first place? -aaron
