Justin Erenkrantz wrote:
(I would be against distributing anything beyond our 'bare' minimums - so no zlib or OpenSSL.)
I'll agree on the openssl count, although we really are only supporting later 0.9.6/0.9.7 and focusing on 0.9.8. But given how lightweight zlib is, and how much of a moving target it was before 1.2.3, I'd strongly argue that 'deflate' is a core feature, that if we teach httpd to 'reinflate' there are many old vulnerabilites that we expose our users to, and that shipping 1.2.3 would add very little pain for much mod_deflate gain.
My only comment about unbundling pcre is that we're *very* particular about the pcre version.
Then we should scream loudly if they don't grab the -bundle package that their system pcre is quite crufty and can't be used?