Get Outlook for iOS<https://aka.ms/o0ukef> ________________________________ From: Yann Ylavic <ylavic....@gmail.com> Sent: Wednesday, November 2, 2022 9:47 AM To: dev@httpd.apache.org <dev@httpd.apache.org> Cc: Joe Schaefer <j...@sunstarsys.com> Subject: Re: [libapreq2] nits to pick about the patches to util.c over the past few years
On Mon, Oct 31, 2022 at 7:44 PM Joe Schaefer <j...@sunstarsys.com> wrote: > > The reason this took so long for the community to diagnose isn't because of > ill-intent, but because it constituted > a change of behavior in the parser logic that wasn't surfaced in the Changes > file. Please review r1905018 (with a CHANGES entry this time), along with r1905019 and r1905020 eventually. I'd suggest subscribing to c...@httpd.apache.org (if not already) and filter/mark subjects with "/httpd/apreq" if you don't want to miss anything. > > There is never going to come a time when there is any need for urgent action > on apreq- if it was easy to zero-day > it, it would have happened by now. Thus, take as much time as you need > between releases to communicate with > the community about the nature of the deltas you intend to ship with any GA > release. You have my email address > if you need to spitball any patchsets you are toying with; it's a lot less > painful to get my input in advance than after the fact. That's not how it usually works though: r1895107 is dated "Nov 17, 2021", the [VOTE] for v2.17 started "Aug 18, 2022" and ended Aug 25, which left you 8 months to review the changes in trunk (and chime in..). There’s nothing usual about this situation, Yann. I’ve retired from the foundation many years ago. I’m here now because of the hatchet job in the 2.17 announce and CVE description, and resulting need for me to parachute back in again to assist. If you want me in person to review something, for your own benefit as someone who deals in apreq, I’m happy to. That will instantly drop any charges of treating users like Guinea pigs, and also mean I will be more respectful of your work overall. Regards; Yann.
