> > Does someone know if there are any plans to incorporate
> > the EAPI into mainstream Apache?
>
> There were, but somehow it never got included.
> Someone on the apache list apparantly had a better solution,
> which also has not been incorporated...
>
> Status on that, Ralf?
My name is not Ralf :-), but...
As everybody agrees, it could be great. But chances are low, due to
politics. As you know, such a decision must be agreed by all of the
members of Apache Group, at least with "-0", but without any veto
(-1). It means that even if there is one competing project, there is
no chance to pass such a decision. It is a big loss, no matter what
SSL implementation for Apache is better, because currently mod_ssl
has much more users and its rising (in percents) is dramatic, so the
only result of excluding EAPI from the core source tree is
preventing Apache from ruling the SSL field (as it already does in
the non-SSL field).
But I thought about another idea: The EAPI stuff of mod_ssl can be
published not as a "patch" to the core source tree of Apache, but as
an already patched Apache. It means that "pkg.eapi/eapi.patch" and
"configure.bat" will not be needed anymore. To find the "sources" of
EAPI, one can "diff" the original Apache source and the patched one,
or to write a simple script that will look for ifdef's/idndef's/if's
whatever of "EAPI" etc.
I can promise you that soon after publishing merged packages, many
of the Apache's users will prefer to use these packages. The same
process happened with Linux: In its first days, users had to load
the kernel from one place, other parts from other places, and to
build everything. Now, most of the users just look for the most
integrated distrbution (which is, according to most users, RedHat).
I did a small investigation, and succeeded to build a source tree
which is good for both UNIX and Windows. Currently, there are some
files which are patched/created only by UNIX (pkg.eapi/eapi.patch),
some others which are patched/created only by Windows
(configure.bat), and some which even depend on specific local
definitions of the user's Windows system ("--with-ssl="). I merged
the procedures, and finally reached a status in which only one file
("src/modules/ssl/Makefile") should be created for Windows only and
with specific definitions for the local Windows (and even these can
be avoided by using environment variables for SSL_INC/SSL_LIB).
In my humble opinion, it is much better than maintaining three
separate packages (the original Apache, a script to patch Apache for
UNIX, and a Perl script to patch Apache for Windows), which is, no
doubt, an anomaly.
We can go even one more step, and wait for December 15, when the
government is expected (hopefully...) to give up the crypto
limitations on Open-Source Software. If it happens, we can also
merge the OpenSSL into this package, and then even things like
SSL_INC/SSL_LIB will not be needed anymore.
Maybe my ideas look too daring, but the current status in not
acceptable, and hurts the chances of mod_ssl to reach more users.
--
Eli Marmor
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
