"Sander Striker" <[EMAIL PROTECTED]>; [EMAIL PROTECTED]:35 GMT-5
From: Leif W [mailto:[EMAIL PROTECTED] Sent: Thursday, February 10, 2005 3:10 PM
things which might commonly be used in concert? Is there any "direction" given
from "the top" of the Apache group in regards to what gets attention?
No, there is not. The committers are free to work on what they want.
Ok, just wasn't sure how the ASF worked, some combination of directed and volunteer effort or something. Not "do this or else" strict direction, but "please focus energy here if you can", a laidback direction.
In the message on the suPHP list, it is implied that there is in general a
mentality that security is not a priority
Given the way we handle security issues I don't think this remark will hold water.
That's quoted out of context. Security holes get prompt attention. I was referring specifically to security as presented by perchild, as noted in the parenthisized expression below which was part of the same sentence. Sorry if my wording misconstrued the point.
(at least regarding setuid per request as perchild MPM would like to do),
Apparently there are a lot of people with the itch, but nobody scratching it.
[...]
Well, we are volunteers you know ;). I'm sure you could find someone to work
on perchild on a contract basis, making your itch (one of) the developers itch.
Or even an external party who would submit patches.
I'd be more than happy to scratch this itch, but I haven't the coding ability or speed, testing environment, resources or time right now. I'd do it for the fee of training me how to do it. :p I'll need to consult the reference manuals. If I had financial resources I'd use them to encourage itches like this to be scratched, because when admin get burnt out over a missing feature, I'd like to give back that enthusiasm and fun and peace of mind. Coding is hard work and people deserve something for the time, even if enjoyment of the coding effort is usually enough. FWIW, I try to payback to this specific in the only way I can, by helping on the users list, and occasionally try to submit simpler code to other projects.
Well, what is vital depends on context. Apparently it isn't as vital, since
2.x is certainly used without this vital mpm.
Agreed, it would be very nice to see perchild development picked up again. Or
metux integrated in the main distro (it'd need review and all that, and ofcourse
desire from the metux developers to do so). For me personally, it isn't a big
enough itch to start scratching it. Proxy and caching are a lot higher on my
personal agenda. As are some other features I still am desperately seeking the
time for to work on.
There may be a discrepancy between what developers in general consensus think is vital, what is vital to individual developers, what admin think is vital, or people of different platforms, or what combinations of technologies are being used in concert. I'm thinking vital in terms of a common problem which many experience, for whom various workarounds do not work that well.
To that end I am just curious about what it takes to have something of that magnitude eventually committed. If no developers are currently interested in a topic, who reviews it? What if someone applies to be a developer and says this is vital to them and a portion of the user base? Wether RTC or CTR, some patches of a lesser magnitude (affecting only one module for instance) seem to fly right through, yet other patches hang around a long time. I am just curious if "status quo" vs. "who you know" plays any part in the process. If so then it has to be planned for and addressed by anyone attempting to make a contribution. I'm not so good figuring this stuff out, so that's why I ask.
The problem is that you drag in the *nix vs Windows argument. Why do we need
to bother with that at all?
Hmm, sorry, I didn't even see that happening. I did not feel like I was requesting a discussion of the A vs. B, but it maybe opened the wrong door, and I'm sorry for that. I mentioned something about A and B, thought that it might be mistaken for an argument of pro A con B, and stated that I didn't wish to discuss it in that context, and hoped that would be enough. The initial discussion was presented to me as perchild mpm (security) vs winnt mpm (portability), so my initial thoughts were along that line. But as I indicated, I considered the possibility that it was just a coincidence of events, not a directed intent. If I say I prefer A to B, is that wrong? IMO no, because I did not ask anyone to agree, nor ask their opinion, nor tell anyone what to prefer. You don't have to talk about that then. :-) I am not arguing for or against an OS. I just mentioned the three as the OSes to which I have had access, and experience, and to which platform some 3rd party solutions to setuid/setgid (perorphan?) are available and some are not. Of course I'd like a portable solution.
Anyways, thanks to everyone for explaining this better.
Leif
