Bug report for Apache httpd-1.3 [2007/08/19]
+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned| | | OPN=ReopenedVER=Verified(Skipped Closed/Resolved) | | | +-+ | | | Severity: BLK=Blocker CRI=CriticalMAJ=Major | | | | MIN=Minor NOR=Normal ENH=Enhancement | | | | +-+ | | | | Date Posted | | | | | +--+ | | | | | Description | | | | | | | |10038|New|Min|2002-06-20|ab benchmaker hangs on 10K https URLs with keepali| |10744|New|Nor|2002-07-12|suexec might fail to open log file| |10747|New|Maj|2002-07-12|ftp SIZE command and 'smart' ftp servers results i| |10760|New|Maj|2002-07-12|empty ftp directory listings from cached ftp direc| |14518|Opn|Nor|2002-11-13|QUERY_STRING parts not incorporated by mod_rewrite| |16013|Opn|Nor|2003-01-13|Fooling mod_autoindex + IndexIgnore | |16631|Inf|Min|2003-01-31|.htaccess errors logged outside the virtual host l| |17318|Inf|Cri|2003-02-23|Abend on deleting a temporary cache file if proxy | |19279|Inf|Min|2003-04-24|Invalid chmod options in solaris build| |21637|Inf|Nor|2003-07-16|Timeout causes a status code of 200 to be logged | |21777|Inf|Min|2003-07-21|mod_mime_magic doesn't handle little gif files| |22618|New|Maj|2003-08-21|MultiViews invalidates PATH_TRANSLATED if cgi-wrap| |22856|New|Min|2003-09-01|No "304 not modified" when If-Modified-Since is a| |23472|New|Nor|2003-09-29|httpd.conf-dist has the wrong language code and MI| |25057|Inf|Maj|2003-11-27|Empty PUT access control in .htaccess overrides co| |26126|New|Nor|2004-01-14|mod_include hangs with request body | |26152|Ass|Nor|2004-01-15|Apache 1.3.29 and below directory traversal vulner| |26790|New|Maj|2004-02-09|error deleting old cache file | |29257|Opn|Nor|2004-05-27|Problem with apache-1.3.31 and mod_frontpage (dso,| |29498|New|Maj|2004-06-10|non-anonymous ftp broken in mod_proxy | |29538|Ass|Enh|2004-06-12|No facility used in ErrorLog to syslog| |30207|New|Nor|2004-07-20|Piped logs don't close read end of pipe | |30877|New|Nor|2004-08-26|htpasswd clears passwd file on Sun when /var/tmp i| |30909|New|Cri|2004-08-28|sporadic segfault resulting in broken connections | |31483|Opn|Enh|2004-09-30|add svgz in mime.types file | |31975|New|Nor|2004-10-29|httpd-1.3.33: buffer overflow in htpasswd if calle| |32078|New|Enh|2004-11-05|clean up some compiler warnings | |32539|New| |2004-12-06|[PATCH] configure --enable-shared= brocken on SuSE| |32974|Inf|Maj|2005-01-06|Client IP not set | |33086|New|Nor|2005-01-13|unconsistency betwen 404 displayed path and server| |33495|Inf|Cri|2005-02-10|Apache crashes with "WSADuplicateSocket failed for| |33772|New|Nor|2005-02-28|inconsistency in manual and error reporting by sue| |33875|New|Enh|2005-03-07|Apache processes consuming CPU| |34108|New|Nor|2005-03-21|mod_negotiation changes mtime to mtime of Document| |34114|New|Nor|2005-03-21|Apache could interleave log entries when writing t| |34404|Inf|Blk|2005-04-11|RewriteMap prg can not handle fpout | |34571|Inf|Maj|2005-04-22|Apache 1.3.33 stops logging vhost| |34573|Inf|Maj|2005-04-22|.htaccess not working / mod_auth_mysql| |35424|New|Nor|2005-06-20|httpd disconnect in Timeout on CGI| |35439|New|Nor|2005-06-21|Problem with remove "/../" in util.c and mod_rewri| |35547|Inf|Maj|2005-06-29|Problems with libapreq 1.2 and Apache::Cookie | |3|New|Nor|2005-06-30|Can't find DBM on Debian Sarge| |36375|New|Nor|2005-08-26|Cannot include http_config.h from C++ file| |37166|New|Nor|2005-10-19|Under certain conditions, mod_cgi delivers an empt| |37185|New|Enh|2005-10-20|AddIcon, AddIconByType for OpenDocument format| |37252|New| |2005-10-26|gen_test_char reject NLS string | |37798|Opn|Nor|2005-12-05|Add quite popular CHM extension to mime.types | |38989|New|Nor|2006-03-15|restart + piped logs stalls httpd for 24 minutes (| |39104|New|Enh|2006-03-25|[FR] fix build with -Wl,--as-needed | |39287|New|Nor|2006-04-12|Incorrect If-Modified-Since validation (due to syn| |39937|New|Nor|2006-06-30|Garbage output if README.html is gzipped or compre| |40176|
Re: patched sources v.s. release candidates
On Sun, Aug 19, 2007 at 03:05:14PM -0500, William A. Rowe, Jr. wrote: > You specifically mentioned how many distros have patched sources, and > that's true (and not an issue). What I asked was, are there distros which > ship our release candidates before they are released, and if so, are they > labeled as such? I've had ports trees that carried odd-numbered trains, (2.1, 2.3), and even yesterdays-svn (from nightly builds)! > > Our candidates are 100% redistributable and licensed in accordance with > > AL2.0, just like our svn trees. > > So you can make anything out of any combination of our svn trees, with > whatever patches you like, as long as you give them your own name. Right? > They are not, for example, a "release 2.2.5" until the project approves them. Yes, and to repeat again; as long as it is made clear that it is not an ASF release :-) > E.g. I might have a binary "BetterScript, based on PHP sources 5.2.4 RC2", > but I better not ship that as *the* "PHP 5.2.4". Do we agree on this, > or not? Or are we in the mode of playing devil's advocate to spend list > bandwidth? (Sometimes I don't know with you, Colm :-) I'm not trying to split hairs, but the tarballs we create as RCs are licensed AL2.0 , and there's no way we can change that. That's all I mean, third parties can take those tarballs and redistribute them as they wish - as long as they take all of the precautions and steps redistributors usually should. I'm told it would be a bad idea for them to mis-represent things by claiming it was an ASF release, what kind of naming practises that translates into is probably best consulted with a lawyer :/ > I'd hate to find the RC process closed, as Jim's suggested, because of > misunderstandings about this subtle difference of opinion. The only > thing we lose is quality of our releases. This is not some subtle difference of opinion. You said; "Without an announce, /dev/ tarball build doesn't belong on any external site." This is simply at odds with the AL2.0, so I'm saying the complete opposite. I don't think that's subtle :-) /dev/ tarballs *are* re-distributable, it says so right there in them, and this is irrevokably the case. -- Colm MacCárthaighPublic Key: [EMAIL PROTECTED]
RE: Apachelounge has to remove Apachelounge Feather, be warned
Guys, How about everyone take a deep breath here. Right now it's about helping not hurting. It's about trying to deliver a product which clearly needs some vision to a customer base that is increasingly becoming IIS dependant (check the Netcraft numbers). You're all missing the bigger picture. Apache is on the decline. You should be doing anything and everything to come up with a consistent, compelling, credible product that gives your customer base confidence that Apache is still relevant. I've been watching these threads and feel for the Apache Lounge guy. I remember the wars Kevin and I went through when we tried to donate Mod_Gzip to the Apache foundation. Mod_gzip succeeded beyond all imagination, but as the saying goes "there has to be a better way" than dealing with all this nonsense. What's important here is your customer base. It's in decline because there are too many inconsistent versions of Apache out there without any clear differentiator over the competition (Microsoft) which is starting to eat everyone's lunch. Steffen was trying to help. How about helping him to succeed. Let's put the personalities to one side and attach the problem not the people. Cheers, Peter _ Peter J. Cranstone 5o9, Inc. Boulder, CO USA Mobile: 303.809.7342 | GMT -7 Skype: Cranstone Email: [EMAIL PROTECTED] Blog: http://petercranstone.blogspot.com Making Web Services Contextually Aware Web site: www.5o9inc.com -Original Message- From: William A. Rowe, Jr. [mailto:[EMAIL PROTECTED] Sent: Sunday, August 19, 2007 1:41 PM To: dev@httpd.apache.org Subject: Re: Apachelounge has to remove Apachelounge Feather, be warned Steffen wrote: > > On request I have to remove the Feather, see the mail below. You are welcome to share that private post, of course. I mailed you privately so that you could ask any questions of the prc@ folks, and even ask them for permission, at a more leisurely pace. I was also trying to handle that issue more tactfully than I had the first issue. I said (nicely) If you would please remove the Apache feather, and indicate the site is not affiliated with the Apache Software Foundation nor the Apache httpd Server Project, I believe this would address all of the Foundation's concerns. which was to say, the only issue we have with you as part of our community is not confusing users between the ASF site and your site. By making sure your users aren't confused you earn the goodwill of the developers and community. Your site is part of the wider httpd user community, and that's a good thing. Your site isn't part of the Foundation. Our logo integrated into yours could be misleading. We have an imperative to defend our mark, that's how trademarks work. Again, I politely offered for you to ask [EMAIL PROTECTED] They are the final word, if they say to you not to use it, don't. Or if they offered "no, we don't find that confusing, you have permission to use it in that way", then you would be able to add 'Feather logo used with permission of the ASF' or something similar on your own site. Now, more about confusion. In your favor, you very clearly indicate that it's your build and how you've gone about building it. I've supported all of you, including Hunter, yourself and countless others when you bring back problem reports. We don't always agree on the "one right fix", but it's always fixed. And you are one of the first to bring us trouble reports about a release candidate. Please don't decide we don't appreciate you if we simply point out problems with your site. We don't discriminate, we bring these up to all the sites where we find such problems, as we find them. I'm sorry if you feel singled out today, or if my tone rubbed you the wrong way. Jeff and I offered comments in January about how you presented the release candidate as releases. You ended the conversation that you would take them down but you didn't see our reasoning. http://mail-archives.apache.org/mod_mbox/httpd-dev/200701.mbox/[EMAIL PROTECTED] Now, I'd offered you some of the reasoning (not all, for sure) of why it's not a good idea *in your interests*, and also why it's not helpful to your users if they are confused by an unreleased package. Maybe you still don't see the reasoning. But I hoped you would understand these are not any territorial dispute, but for your benefit. If I disliked you I would have said nothing. The bottom line is that nobody took issue with Jeff's or my comments. They are free to do so. Colm has this time around. His points don't quite jive, if you offered a patch set and said "hey, this is the difference between the ASF's 2.2.4 and my binaries here", then his point would be spot-on and we'd all agree there is no issue. Or change it radically and don't name it Apache 2.2.4. That's fine too. I couldn't find the argument for releasing our *candidates* on external sites from Colm'
Re: patched sources v.s. release candidates
Colm MacCarthaigh wrote: > On Sun, Aug 19, 2007 at 02:40:39PM -0500, William A. Rowe, Jr. wrote: >> The bottom line is that nobody took issue with Jeff's or my comments. They >> are free to do so. Colm has this time around. His points don't quite jive, >> if you offered a patch set and said "hey, this is the difference between >> the ASF's 2.2.4 and my binaries here", then his point would be spot-on and >> we'd all agree there is no issue. > > I have absolutely no idea what you're talking about here, and what > points jive or not. You specifically mentioned how many distros have patched sources, and that's true (and not an issue). What I asked was, are there distros which ship our release candidates before they are released, and if so, are they labeled as such? I still think we are talking apples and oranges. Maybe it's time to tend to our long neglected testers@ to ensure everyone is on the same page? But I'd still maintain that keeping the RC testing activity in one place is good for our releases (speaking as a more than occasional RM). > Our candidates are 100% redistributable and licensed in accordance with > AL2.0, just like our svn trees. So you can make anything out of any combination of our svn trees, with whatever patches you like, as long as you give them your own name. Right? They are not, for example, a "release 2.2.5" until the project approves them. E.g. I might have a binary "BetterScript, based on PHP sources 5.2.4 RC2", but I better not ship that as *the* "PHP 5.2.4". Do we agree on this, or not? Or are we in the mode of playing devil's advocate to spend list bandwidth? (Sometimes I don't know with you, Colm :-) I'd hate to find the RC process closed, as Jim's suggested, because of misunderstandings about this subtle difference of opinion. The only thing we lose is quality of our releases. Bill
Re: Apachelounge problems
On Sun, Aug 19, 2007 at 01:15:21PM -0400, Joe Schaefer wrote: > > It's called "dist", clearly they are for any level distribution anyone > > feels like. Unless you want us to re-license! > > But the "dist" should be limited to people who are on/pay attention to > this mailing list [1]. This is simply at odds with the license :-) > Anything else increases the personal liability of anyone involved in > putting that tarball up on the website for download. That's a side effect, yes. It's never stopped me, but that window of liability does exist in our procedures. There all sorts of other holes in that "shield" too anyway :/ > If putting files into dev/dist conveys the implication that you intend > for people to be *redistributing* those artifacts, then I think it is > a mistake, It's not about implications, it's about the simple fact that the very license contained in those very files grants everyone an irrevocable right to distribute it. > and you'd be better off using people.apache.org/~foo for putting up > candidates to test. That doesn't stop people from redistributing > candidates, but it doesn't conflate the fact that the ASF/this PMC has > done nothing to endorse them. it also makes them slightly harder to scrape :-) -- Colm MacCárthaighPublic Key: [EMAIL PROTECTED]
Re: Apachelounge has to remove Apachelounge Feather, be warned
On Sun, Aug 19, 2007 at 02:40:39PM -0500, William A. Rowe, Jr. wrote: > The bottom line is that nobody took issue with Jeff's or my comments. They > are free to do so. Colm has this time around. His points don't quite jive, > if you offered a patch set and said "hey, this is the difference between > the ASF's 2.2.4 and my binaries here", then his point would be spot-on and > we'd all agree there is no issue. I have absolutely no idea what you're talking about here, and what points jive or not. > I couldn't find the argument for releasing our *candidates* on > external sites from Colm's observations. Our candidates are 100% redistributable and licensed in accordance with AL2.0, just like our svn trees. It says so right there in them, and we're pretty familiar with that the AL permits. If someone wants to take our candidates and put it on another site, they are plainly free to do so. -- Colm MacCárthaighPublic Key: [EMAIL PROTECTED]
Re: Apachelounge has to remove Apachelounge Feather, be warned
Steffen wrote: > > On request I have to remove the Feather, see the mail below. You are welcome to share that private post, of course. I mailed you privately so that you could ask any questions of the prc@ folks, and even ask them for permission, at a more leisurely pace. I was also trying to handle that issue more tactfully than I had the first issue. I said (nicely) If you would please remove the Apache feather, and indicate the site is not affiliated with the Apache Software Foundation nor the Apache httpd Server Project, I believe this would address all of the Foundation's concerns. which was to say, the only issue we have with you as part of our community is not confusing users between the ASF site and your site. By making sure your users aren't confused you earn the goodwill of the developers and community. Your site is part of the wider httpd user community, and that's a good thing. Your site isn't part of the Foundation. Our logo integrated into yours could be misleading. We have an imperative to defend our mark, that's how trademarks work. Again, I politely offered for you to ask [EMAIL PROTECTED] They are the final word, if they say to you not to use it, don't. Or if they offered "no, we don't find that confusing, you have permission to use it in that way", then you would be able to add 'Feather logo used with permission of the ASF' or something similar on your own site. Now, more about confusion. In your favor, you very clearly indicate that it's your build and how you've gone about building it. I've supported all of you, including Hunter, yourself and countless others when you bring back problem reports. We don't always agree on the "one right fix", but it's always fixed. And you are one of the first to bring us trouble reports about a release candidate. Please don't decide we don't appreciate you if we simply point out problems with your site. We don't discriminate, we bring these up to all the sites where we find such problems, as we find them. I'm sorry if you feel singled out today, or if my tone rubbed you the wrong way. Jeff and I offered comments in January about how you presented the release candidate as releases. You ended the conversation that you would take them down but you didn't see our reasoning. http://mail-archives.apache.org/mod_mbox/httpd-dev/200701.mbox/[EMAIL PROTECTED] Now, I'd offered you some of the reasoning (not all, for sure) of why it's not a good idea *in your interests*, and also why it's not helpful to your users if they are confused by an unreleased package. Maybe you still don't see the reasoning. But I hoped you would understand these are not any territorial dispute, but for your benefit. If I disliked you I would have said nothing. The bottom line is that nobody took issue with Jeff's or my comments. They are free to do so. Colm has this time around. His points don't quite jive, if you offered a patch set and said "hey, this is the difference between the ASF's 2.2.4 and my binaries here", then his point would be spot-on and we'd all agree there is no issue. Or change it radically and don't name it Apache 2.2.4. That's fine too. I couldn't find the argument for releasing our *candidates* on external sites from Colm's observations. > So other Apache Community sites are warned. And maybe customer sites with > the Apache logo must be warned. We do. There is fair-use (when you see a feather on slashdot next to an article about the foundation) and then there's the case where folks blend the feather into their own logo, as you had, or if they use it to represent that they are an Apache company. If you look at the other players in your space, they aren't labeling their pages with the Apache feather. Where they are, we politely send them a similar letter. > Till now I was thinking that we where a friends Community in sake of Open > Source. Well, there are two communities, first there is the ASF. And there is also the wider community. You participate in both, which is great. > Correct me if I wrong, but sometimes I have the feeling that ASF and/or > Covalent Technologies are not happy with the Apache Lounge. And like Tom > said before: sounds a bit more territorial than legal to me. Maybe > Covalent Technologies is also trying to protect there position as > distributor ? No. There are plenty of distributors of Apache binaries for Windows. My company actually left the sphere of providing 'offsite' binaries for the community, instead - focusing on providing resources at the ASF. And have I said anything disparaging about your providing VC2005 based builds of Apache httpd *released* software? No. I have no issue, and no territory to defend on this. ALL I said was release candidates are here, remain here, discussed here and then made available to the entire community, ApacheLounge included. These other distributors don't ship release candidates, and if they do, they assume the risks because they have deeper poc
Re: Apachelounge problems
Colm MacCarthaigh wrote: > > On Sun, Aug 19, 2007 at 12:16:03PM -0400, Jim Jagielski wrote: > > Colm MacCarthaigh wrote: > > > Like I said, as long as ApacheLounge makes clear that the versions it > > > carries are not ASF releases, it's certainly permitted by the license > > > and not the least bit out of the ordinary. > > > > That's the point, isn't it?? > > Yes! And I think they should make it more clear :-) But I don't think we > should be requesting them not to make RC tarballs or arbitrary checkouts > from svn available, that's their choice. I think it's a bad idea for > them, but ultimately their own problem. On principle I think it's wrong > for us to request them not to - it's at odds with the OSI definition of > open-source for one thing. > As long as they don't call it Apache 2.2.5 or mislead people into thinking it is, I tend to agree. I think the point is that there are people out there right now running what they think is Apache 2.2.5 when, in fact, there is no such thing... -- === Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/ "If you can dodge a wrench, you can dodge a ball."
Re: Apachelounge problems
On Sun, Aug 19, 2007 at 12:16:03PM -0400, Jim Jagielski wrote: > Colm MacCarthaigh wrote: > > Like I said, as long as ApacheLounge makes clear that the versions it > > carries are not ASF releases, it's certainly permitted by the license > > and not the least bit out of the ordinary. > > That's the point, isn't it?? Yes! And I think they should make it more clear :-) But I don't think we should be requesting them not to make RC tarballs or arbitrary checkouts from svn available, that's their choice. I think it's a bad idea for them, but ultimately their own problem. On principle I think it's wrong for us to request them not to - it's at odds with the OSI definition of open-source for one thing. -- Colm MacCárthaighPublic Key: [EMAIL PROTECTED]
Re: Apachelounge problems
Joe Schaefer wrote: > > Colm MacCarthaigh <[EMAIL PROTECTED]> writes: > > > On Sat, Aug 18, 2007 at 05:09:08PM -0500, William A. Rowe, Jr. wrote: > >> Hmmm... seems that - even though we've *repeated* this multiple times, > >> we have to state this again. Contents of http://httpd.apache.org/dev/dist/ > >> are *development* tarballs and not for any distribution. > > > > It's called "dist", clearly they are for any level distribution anyone > > feels like. Unless you want us to re-license! > > But the "dist" should be limited to people who are on/pay attention to > this mailing list [1]. Anything else increases the personal liability of > anyone involved in putting that tarball up on the website for download. > > If putting files into dev/dist conveys the implication that you intend > for people to be *redistributing* those artifacts, then I think it > is a mistake, and you'd be better off using people.apache.org/~foo > for putting up candidates to test. That doesn't stop people from > redistributing candidates, but it doesn't conflate the fact that > the ASF/this PMC has done nothing to endorse them. > Personally, I intend to, in the future, put all candidate tarballs under my ~jim link; Not that this will remove the problem at all, but at least it avoids the irritating claim that somehow by placing under dev/dist we are "releasing" the s/w. -- === Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/ "If you can dodge a wrench, you can dodge a ball."
Re: Apachelounge has to remove Apachelounge Feather, be warned
Steffen wrote: > > > > > Nothing could be further from the truth. > > > > Not so far, from their site: > > Since Covalent maintains close ties with the ASF and employees expert staff > who work on the Apache HTTP project full time as code committers, we are > committed to supporting our customers who use Apache HTTP either standalone > or bundled as part of Covalent Enterprise Ready Server (ERS). > > "Their" being Covalent, not the ASF. But I don't see how that in any way "proves" your statement that "the ASF and/or Covalent Technologies are not happy with the Apache Lounge" or that "Covalent is trying to protect there(sic) position"... Bill said this himself: he acted as an individual and not with his Covalent hat on at all. Nor with his Apache hat on either. To claim that this is an Apache Lounge vs. "ASF and/or Covalent" issue is clearly not the case. Nor should it be "amazing" to anyone that the ASF has issues with how the Apache logo or name are used. Hate to tell you this, but we've done this to many many others, like IBM, JBoss and yes Covalent. > Steffen > > > - Original Message - > From: "Jim Jagielski" <[EMAIL PROTECTED]> > To: > Cc: <[EMAIL PROTECTED]> > Sent: Sunday, 19 August, 2007 17:25 > Subject: Re: Apachelounge has to remove Apachelounge Feather, be warned > > > > > > On Aug 19, 2007, at 5:49 AM, Steffen wrote: > > > >> > >> Correct me if I wrong, but sometimes I have the feeling that ASF and/or > >> Covalent Technologies are not happy with the Apache Lounge. And like Tom > >> said before: sounds a bit more territorial than legal to me. Maybe > >> Covalent Technologies is also trying to protect there position as > >> distributor ? > >> > > > > Nothing could be further from the truth. > > > > > -- === Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/ "If you can dodge a wrench, you can dodge a ball."
Re: Apachelounge problems
Colm MacCarthaigh <[EMAIL PROTECTED]> writes: > On Sat, Aug 18, 2007 at 05:09:08PM -0500, William A. Rowe, Jr. wrote: >> Hmmm... seems that - even though we've *repeated* this multiple times, >> we have to state this again. Contents of http://httpd.apache.org/dev/dist/ >> are *development* tarballs and not for any distribution. > > It's called "dist", clearly they are for any level distribution anyone > feels like. Unless you want us to re-license! But the "dist" should be limited to people who are on/pay attention to this mailing list [1]. Anything else increases the personal liability of anyone involved in putting that tarball up on the website for download. If putting files into dev/dist conveys the implication that you intend for people to be *redistributing* those artifacts, then I think it is a mistake, and you'd be better off using people.apache.org/~foo for putting up candidates to test. That doesn't stop people from redistributing candidates, but it doesn't conflate the fact that the ASF/this PMC has done nothing to endorse them. [1] - http://www.apache.org/dev/release.html#what -- Joe Schaefer
Re: Apachelounge has to remove Apachelounge Feather, be warned
Nothing could be further from the truth. Not so far, from their site: Since Covalent maintains close ties with the ASF and employees expert staff who work on the Apache HTTP project full time as code committers, we are committed to supporting our customers who use Apache HTTP either standalone or bundled as part of Covalent Enterprise Ready Server (ERS). Steffen - Original Message - From: "Jim Jagielski" <[EMAIL PROTECTED]> To: Cc: <[EMAIL PROTECTED]> Sent: Sunday, 19 August, 2007 17:25 Subject: Re: Apachelounge has to remove Apachelounge Feather, be warned On Aug 19, 2007, at 5:49 AM, Steffen wrote: Correct me if I wrong, but sometimes I have the feeling that ASF and/or Covalent Technologies are not happy with the Apache Lounge. And like Tom said before: sounds a bit more territorial than legal to me. Maybe Covalent Technologies is also trying to protect there position as distributor ? Nothing could be further from the truth.
Re: Goodbye
Steffen wrote: > > There is a lot changing in the open-source world. I've seen a similar > discussion with MySQL, although not as painful as the issues we have now. > It seems that MySQL is now releasing "Enterprise" versions frequently and > "Community" versions infrequently. > This is comparing apples and oranges. The ASF does not have such distinctions in releases. It's either released, to one and all, or not. There are no Enterprise or Community versions. > I guess the Apache Foundation is now also starting to act more corporate and > less community-oriented. Sad, but we live in a changing world and this > legalistic-corporate-nasty trend is likely to continue for a while. > Nonesense (imo). And even if true, the ASF (the corporation) exists to be that "legalistic-corporate" entity, so that the projects and PMCs can be 100% community. The 2 issues that seemed to cause this were (1) mis-use of the Apache feather, which is "legalistic-corporate" admittedly and (2) the availability of a non-released tarball with (afaict) no clear distinction that the tarball was, in fact, not an official Apache release tarball, which is admittedly community based (we want to protect users from thinking they are using an official Apache release when they are not). > Steffen > > > - Original Message - > From: "Jim Jagielski" <[EMAIL PROTECTED]> > To: > Cc: <[EMAIL PROTECTED]> > Sent: Sunday, 19 August, 2007 18:24 > Subject: Re: Goodbye > > > > Steffen wrote: > >> > >> The admonishment not to use the feather or the "Apache" name resembles > >> the > >> behavior of the very worst big-software corporations - and a reminder > >> that > >> ASF is after all "... a corporation registered in Delaware, United > >> States..." - not a fellowship of web server administrators, developers, > >> and > >> enthusiasts. It is a sober reminder to us all that caution is needed > >> when > >> dealing with Apache software as with any other software, lest we forget > >> that httpd has become "their product" vs. "our web server". > >> > > > > That is really unfair, I think... Notwithstanding the fact whether > > or not this issue could have been handled better, are you > > really suggesting that the ASF seeking to protect its name, > > reputation, brand and trademarks are somehow Not Good? The ASF > > and the user and developer community have worked long and hard > > in making the name Apache *mean something*. This reputation > > was hard yet well earned. The ASF exists to allow the projects > > to continue doing what they do, and doing it well, without having > > to worry about such troublesome but real world issues such as > > trademarks and things like that... The Apache brand carries a > > lot of weight and respect, and it would be a serious disservice > > to the users and developers to not protect that brand. > > > > No matter what you may be implying, the ASF does not control > > the Apache web server project (httpd) or any other project: > > the PMCs and the community do that. It is, and always will remain > > "our project" (our being the user and developer community). > > > > -- > > === > > Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/ > > "If you can dodge a wrench, you can dodge a ball." > > > -- === Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/ "If you can dodge a wrench, you can dodge a ball."
Re: Goodbye
There is a lot changing in the open-source world. I've seen a similar discussion with MySQL, although not as painful as the issues we have now. It seems that MySQL is now releasing "Enterprise" versions frequently and "Community" versions infrequently. I guess the Apache Foundation is now also starting to act more corporate and less community-oriented. Sad, but we live in a changing world and this legalistic-corporate-nasty trend is likely to continue for a while. Steffen - Original Message - From: "Jim Jagielski" <[EMAIL PROTECTED]> To: Cc: <[EMAIL PROTECTED]> Sent: Sunday, 19 August, 2007 18:24 Subject: Re: Goodbye Steffen wrote: The admonishment not to use the feather or the "Apache" name resembles the behavior of the very worst big-software corporations - and a reminder that ASF is after all "... a corporation registered in Delaware, United States..." - not a fellowship of web server administrators, developers, and enthusiasts. It is a sober reminder to us all that caution is needed when dealing with Apache software as with any other software, lest we forget that httpd has become "their product" vs. "our web server". That is really unfair, I think... Notwithstanding the fact whether or not this issue could have been handled better, are you really suggesting that the ASF seeking to protect its name, reputation, brand and trademarks are somehow Not Good? The ASF and the user and developer community have worked long and hard in making the name Apache *mean something*. This reputation was hard yet well earned. The ASF exists to allow the projects to continue doing what they do, and doing it well, without having to worry about such troublesome but real world issues such as trademarks and things like that... The Apache brand carries a lot of weight and respect, and it would be a serious disservice to the users and developers to not protect that brand. No matter what you may be implying, the ASF does not control the Apache web server project (httpd) or any other project: the PMCs and the community do that. It is, and always will remain "our project" (our being the user and developer community). -- === Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/ "If you can dodge a wrench, you can dodge a ball."
Re: Goodbye
Jim Jagielski wrote: > Steffen wrote: >> The admonishment not to use the feather or the "Apache" name resembles the >> behavior of the very worst big-software corporations - and a reminder that >> ASF is after all "... a corporation registered in Delaware, United >> States..." - not a fellowship of web server administrators, developers, and >> enthusiasts. It is a sober reminder to us all that caution is needed when >> dealing with Apache software as with any other software, lest we forget >> that httpd has become "their product" vs. "our web server". >> > > That is really unfair, I think... Notwithstanding the fact whether > or not this issue could have been handled better, are you > really suggesting that the ASF seeking to protect its name, > reputation, brand and trademarks are somehow Not Good? The ASF > and the user and developer community have worked long and hard > in making the name Apache *mean something*. This reputation > was hard yet well earned. The ASF exists to allow the projects > to continue doing what they do, and doing it well, without having > to worry about such troublesome but real world issues such as > trademarks and things like that... The Apache brand carries a > lot of weight and respect, and it would be a serious disservice > to the users and developers to not protect that brand. > > No matter what you may be implying, the ASF does not control > the Apache web server project (httpd) or any other project: > the PMCs and the community do that. It is, and always will remain > "our project" (our being the user and developer community). > I have to agree with Jim. While I don't see why the PR PMC shouldn't license you to use the feather and Apache name if you ask nicely, I do agree that the right to demand that the use be requested and specifically licensed is perfectly legit. I do wish you'd reconsider opening the Apache Lounge. If you've really thought it through and are unwilling to re-open it yourself, I'd like to help pick up the ball and continue to serve the win32 community by opening another site to serve similar needs. Your help in that (just helping getting me get something started around where you left off) would be invaluable. I know this might be a touchy subject - I don't want to mooch off of your previous success; I just want to help the community. Let me know. Issac
Re: Goodbye
Steffen wrote: > > The admonishment not to use the feather or the "Apache" name resembles the > behavior of the very worst big-software corporations - and a reminder that > ASF is after all "... a corporation registered in Delaware, United > States..." - not a fellowship of web server administrators, developers, and > enthusiasts. It is a sober reminder to us all that caution is needed when > dealing with Apache software as with any other software, lest we forget > that httpd has become "their product" vs. "our web server". > That is really unfair, I think... Notwithstanding the fact whether or not this issue could have been handled better, are you really suggesting that the ASF seeking to protect its name, reputation, brand and trademarks are somehow Not Good? The ASF and the user and developer community have worked long and hard in making the name Apache *mean something*. This reputation was hard yet well earned. The ASF exists to allow the projects to continue doing what they do, and doing it well, without having to worry about such troublesome but real world issues such as trademarks and things like that... The Apache brand carries a lot of weight and respect, and it would be a serious disservice to the users and developers to not protect that brand. No matter what you may be implying, the ASF does not control the Apache web server project (httpd) or any other project: the PMCs and the community do that. It is, and always will remain "our project" (our being the user and developer community). -- === Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/ "If you can dodge a wrench, you can dodge a ball."
Re: Apachelounge problems
Colm MacCarthaigh wrote: > > Like I said, as long as ApacheLounge makes clear that the versions it > carries are not ASF releases, it's certainly permitted by the license > and not the least bit out of the ordinary. > That's the point, isn't it?? -- === Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/ "If you can dodge a wrench, you can dodge a ball."
Goodbye
I am stumped. I am dismayed at the corporate bullying from (one member of) the ASF which I assumed was a collaborative organization - not such a dangerous legal entity. The admonishment not to use the feather or the "Apache" name resembles the behavior of the very worst big-software corporations - and a reminder that ASF is after all "... a corporation registered in Delaware, United States..." - not a fellowship of web server administrators, developers, and enthusiasts. It is a sober reminder to us all that caution is needed when dealing with Apache software as with any other software, lest we forget that httpd has become "their product" vs. "our web server". Members of the Apache Lounge team has discussed the issues: We are closing Apache Lounge. For me it is not worth to spend anymore time on promoting Apache on Windows and given free support. Steffen
Re: Apachelounge problems
On Sun, Aug 19, 2007 at 10:57:10AM -0400, Jim Jagielski wrote: > Released s/w is very very different from s/w that people can > obtain from trunk via svn themselves. The former is an > official distribution of a software project from the PMC (and > hence the ASF). The latter is not. So what though? The *vast* majority of Apache users use versions which were not released by us. There's the Debian/Ubuntu version, the RedHat versions, the BSD versions, the Covalent versions and so on and on. Like I said, as long as ApacheLounge makes clear that the versions it carries are not ASF releases, it's certainly permitted by the license and not the least bit out of the ordinary. -- Colm MacCárthaighPublic Key: [EMAIL PROTECTED]
Re: Apachelounge has to remove Apachelounge Feather, be warned
On Aug 19, 2007, at 5:49 AM, Steffen wrote: Correct me if I wrong, but sometimes I have the feeling that ASF and/or Covalent Technologies are not happy with the Apache Lounge. And like Tom said before: sounds a bit more territorial than legal to me. Maybe Covalent Technologies is also trying to protect there position as distributor ? Nothing could be further from the truth.
Re: Apachelounge problem
There are 2 issues: o Making the test tarball of 2.2.5 available from a site outside of the ASF (potentially with no indication that it is not an official release). o The feather issue. The latter can, and should, certainly be handled by the ASF Public Relations Cmmt ([EMAIL PROTECTED])... I think the former has been hashed out enough :)
Re: Apachelounge problems
On Aug 19, 2007, at 7:08 AM, Colm MacCarthaigh wrote: On Sat, Aug 18, 2007 at 09:46:50PM -0400, Tom Donovan wrote: Maybe not threatening - but it is an eye-opener for some of us that the Apache2 license protects "released" versions of Apache differently. It doesn't. My (possibly faulty) understanding was that the whole "Redistribution" and "Disclaimer of Warranty" parts applied to *any* Apache software - even if it was built from today's bug-ridden head revision of the trunk, It does. Released s/w is very very different from s/w that people can obtain from trunk via svn themselves. The former is an official distribution of a software project from the PMC (and hence the ASF). The latter is not.
Re: Apachelounge problems
On Aug 18, 2007, at 8:00 PM, Issac Goldstand wrote: Steffen, I really don't see anything threatening by what Bill said. On the contrary, he very openly said that there's nothing illegal about releasing an RC; the way I read it, the potential problems are coming from endusers who might use a broken RC, fsck up their systems and go hunting (with a battery of lawyers) for someone to blame. In such a case the first stop would likely be the ASF, but the ASF would tell said pissed off user (and lawyers) that it's none of their concern if said enduser was neglegant enough to use an RC (not a release) in his environment. That is true. It is not a release until the ASF says so. We placed the 2.2.5 tarballs in the development dist location to allow people to test them (I've since made them 600, owned by me), but they are not yet really, officially released. It's a disservice to end-users if they think that they are.
Re: Apachelounge problems
On Sat, Aug 18, 2007 at 09:46:50PM -0400, Tom Donovan wrote: > Maybe not threatening - but it is an eye-opener for some of us that the > Apache2 license protects "released" versions of Apache differently. It doesn't. > My (possibly faulty) understanding was that the whole "Redistribution" > and "Disclaimer of Warranty" parts applied to *any* Apache software - > even if it was built from today's bug-ridden head revision of the trunk, It does. In order the protect *comitters* (not distributors) the ASF have some practises that allow it to (potentially) absorb some of the liability on releases. Because there's a vote and a chain of authority from the board yada yada yada in theory the release is made by the ASF as a corporate entity - not any single person. >From the point of view of a distributor, this practise may incline you to accept that a release is more "clean" but it makes no difference to your liability. As always though, if distributors have legal concerns about anything, then they should consult *their* lawyers. -- Colm MacCárthaighPublic Key: [EMAIL PROTECTED]
Re: Apachelounge problems
On Sat, Aug 18, 2007 at 06:31:01PM -0500, William A. Rowe, Jr. wrote: > * does it correspond to the tag? > * is it correctly licensed? > * is it correctly packaged? > * are any additions that appear to have IP encumbrances? > * does it build? > * does it run? > * does it pass the perl-framework regression tests? > > Since it isn't a release, you don't want to 'ship' it. Who are we to impose our practises on someone else? ApacheLounge clearly does *want* to ship it, as is manifestly evident by the fact it does it so regularly. ApacheLounge can use whatever aribtrary criteria it likes for creating its releases - as long as it makes sure there is no confusion that they are ASF releases. The BSD ports trees regularly contain builds that don't meet the above btw. And I don't think I've *ever* come accross a Linux package that corresponded to the tag. -- Colm MacCárthaighPublic Key: [EMAIL PROTECTED]
Re: Apachelounge has to remove Apachelounge Feather, be warned
On Sun, Aug 19, 2007 at 11:49:10AM +0200, Steffen wrote: > Correct me if I wrong, but sometimes I have the feeling that ASF and/or > Covalent Technologies are not happy with the Apache Lounge. You're wrong in that the ASF (and probably Covalent) are groups of people that don't act with a single concerted will. I have no problem with ApacheLounge. When I did windows dev, it was a great help. -- Colm MacCárthaighPublic Key: [EMAIL PROTECTED]
Re: Apachelounge problems
On Sat, Aug 18, 2007 at 05:09:08PM -0500, William A. Rowe, Jr. wrote: > Hmmm... seems that - even though we've *repeated* this multiple times, > we have to state this again. Contents of http://httpd.apache.org/dev/dist/ > are *development* tarballs and not for any distribution. It's called "dist", clearly they are for any level distribution anyone feels like. Unless you want us to re-license! > Since it's not an ASF release, *you* are absorbing all the liability > and risk that any released ASF package would carry. It's an > apachelounge release, so you would personally answer to any IP issues. > Not smart. Oh come on, our processes are better than that, people can have a reasonably degree of assurance that our trees are licensable with the AL at any given time. -- Colm MacCárthaighPublic Key: [EMAIL PROTECTED]
Re: Apachelounge problems
Rainer, The announcement states it clearly. I had a discussion with Bill about 2.2.4 too in january, and he agreed on this. - Apache 2.2.5 Win32 RC available Apache 2.2.5 Win32 RC is now available for download here at the Apache Lounge. It is build without any modification to the ASF source and is expected soon to be released by ASF. Download and Changelog at www.apachelounge.com/download/ Please report when you have issues with this new build. - and on the download page: Apache 2.2.5 RC with apr-1.2.9 apr-util-1.2.8 apr-iconv-1.2.0 openssl-0.9.8e zlib-1.2.3 : -- - Original Message - From: "Rainer Jung" <[EMAIL PROTECTED]> To: Sent: Sunday, 19 August, 2007 11:38 Subject: Re: Apachelounge problems Hello Steffen, I'm a Tomcat committer but not part of the httpd project. Nevertheless as all projects we also need to control, how release candidates get distributed. On the one hand we want a lot of testers to participate, on the other hand we need to unambiguously tell people downloading the code, that it's a non-release. After you wrote you feedback mail concerning test results for 2.2.5 I was curious and clicked on your download link. I remember that I was astonished, that the 2.2.5 download on that page was not further qualified as being pre-release, release candidate or similar. It could well be, that such an information would have been presented to me, in case I had tried to actually download, which I did not. But at first glance I could not see any information, that 2.2.5 wasn't yet released. Sometimes the problem is in the details. I hope you will soon open up your important community service at apachelounge again. Regards, Rainer Steffen wrote: The angst over Steffen's build sounds a bit more territorial than legal to me. Just my 2c worth... Tom, indeed that is my feeling : territorial. There is more, see my next post about the Apache Feather I have to remove. Steffen
Apachelounge has to remove Apachelounge Feather, be warned
I like to inform you all, just for the complete picture. There is more then the RC issue in the other thread. On request I have to remove the Feather, see the mail below. So other Apache Community sites are warned. And maybe customer sites with the Apache logo must be warned. Till now I was thinking that we where a friends Community in sake of Open Source. Correct me if I wrong, but sometimes I have the feeling that ASF and/or Covalent Technologies are not happy with the Apache Lounge. And like Tom said before: sounds a bit more territorial than legal to me. Maybe Covalent Technologies is also trying to protect there position as distributor ? So I will keeping www.apachelounge.com down , I do not not want to much hassle to sort out the issues addressed here. The forum www.apachelounge.com/forum/ shall I keep up for some time, so users can read the posts. Steffen - Original Message - From: "William A. Rowe, Jr." <[EMAIL PROTECTED]> To: "Steffen" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Sunday, 19 August, 2007 03:19 Subject: ASF issues with your site I'd like to bring one other issue to your attention for a prompt resolution. On the subject of the Apache mark, I note that your site uses the ASF feather. Please note that this is the ASF's mark and cannot be used without explicit permission. Also, you have used the Apache name without a clear disclaimer that your site is not affiliated with the Apache Software Foundation or the Apache httpd project. If you would please remove the Apache feather, and indicate the site is not affiliated with the Apache Software Foundation nor the Apache httpd Server Project, I believe this would address all of the Foundation's concerns. For example, if your donation banner read "This site is not affiliated with the Apache Software Foundation or the Apache httpd Project. The site is funded entirely by me (Steffan). By donating you will help keep this site alive and well!" it should clarify the second issue and avoid anyone confusing your site with the Foundation. If you have any questions about the use of the feather or the Apache name, please pose them to our Public Relations Committee, [EMAIL PROTECTED] They are happy to answer any questions
Re: Apachelounge problems
Hello Steffen, I'm a Tomcat committer but not part of the httpd project. Nevertheless as all projects we also need to control, how release candidates get distributed. On the one hand we want a lot of testers to participate, on the other hand we need to unambiguously tell people downloading the code, that it's a non-release. After you wrote you feedback mail concerning test results for 2.2.5 I was curious and clicked on your download link. I remember that I was astonished, that the 2.2.5 download on that page was not further qualified as being pre-release, release candidate or similar. It could well be, that such an information would have been presented to me, in case I had tried to actually download, which I did not. But at first glance I could not see any information, that 2.2.5 wasn't yet released. Sometimes the problem is in the details. I hope you will soon open up your important community service at apachelounge again. Regards, Rainer Steffen wrote: The angst over Steffen's build sounds a bit more territorial than legal to me. Just my 2c worth... Tom, indeed that is my feeling : territorial. There is more, see my next post about the Apache Feather I have to remove. Steffen
Re: Apachelounge problem
[Apologies for breaking threading. Posting from the laptop was refused due to SORBS, so this is cut&paste] On 19 Aug 2007, at 00:40, Steffen wrote: > Thanks for the answer. > I shall keep the site down, I am very disappointed and I feel threatened > by you for legal stuff. That is just a huge overreaction. When in a hole, stop digging. I think Will's first post was ill-judged (see below), and your response made some valid and justified points. But what's said cannot be unsaid, and Will has now tried to explain and mend fences. For everyone's sakes, please do the same. > > I think what you've done for creating a user community around Apache on > > Win is great! Please don't misunderstand that. > > I've had to bring up this issue before, however, and it's very disappointing > > the message didn't get through. And just had oral surgery Thursday, so color > > me cranky. We're all human; we all make mistakes. And we have misunderstandings. Most of us get over them and get on with life. And learn from them (c.f. Davi's suggestion for the naming of RC tarballs). > I feel some emotion in your message, so better that from now on, we should > not test any RC anymore ? > > Because I brought this up before, last year? That could be reason to raise the matter and to be pissed off. But not IMHO in a public forum, and without prior discussion. A private email copied to the PMC rather than the public list, or a followup to http://marc.info/?l=apache-httpd-dev&m=118683454928775&w=2 would seem to me more appropriate. > > Since it isn't a release, you don't want to 'ship' it. Was it clearly identified as release candidate for testing, or could it have been mistaken for an official release? ** [second post] On 19 Aug 2007, at 02:46, Tom Donovan wrote: > Maybe not threatening - but it is an eye-opener for some of us that the > Apache2 license protects "released" versions of Apache differently. It doesn't. It's a purely hypothetical case: someone finds a serious problem with [foo]: for example, it stole SCO's intellectual property (or should that be Timeline's, since they won their cases?) SCO sues for a billion dollars. If [foo] is released, then it's clearly the ASF's responsibility to defend it. If not, there's a gray area: ASF wouldn't want to be liable if [disgruntled IBM employee] commits a big chunk of SCO code, and someone then releases that as an Apache product, even as the ASF goes about removing the offending code. My own view, which has no legal standing whatsoever, is that once something has reached release-candidate, it's pretty much vanishingly unlikely that the ASF would fail to stand by it, UNLESS a redistributor either misrepresented it as a release or failed to take it down and publish a notice after a problem was reported. -- Nick Kew
Re: Apachelounge problems
The angst over Steffen's build sounds a bit more territorial than legal to me. Just my 2c worth... Tom, indeed that is my feeling : territorial. There is more, see my next post about the Apache Feather I have to remove. Steffen - Original Message - From: "Tom Donovan" <[EMAIL PROTECTED]> To: Sent: Sunday, 19 August, 2007 03:46 Subject: Re: Apachelounge problems William A. Rowe, Jr. wrote: > doesn't belong on any external site. Since it's not an ASF release, > *you* are absorbing all the liability and risk that any released ASF > package would carry. It's an apachelounge release, so you would > personally answer to any IP issues. Not smart. Issac Goldstand wrote: > Steffen, > I really don't see anything threatening by what Bill said. On the ... > posting an RC without enough bells, whistles or warning lights > (regardless of how many notices you did put up about it being a RC and > not a release; they'll say it's a binary and who's looking, or Maybe not threatening - but it is an eye-opener for some of us that the Apache2 license protects "released" versions of Apache differently. My (possibly faulty) understanding was that the whole "Redistribution" and "Disclaimer of Warranty" parts applied to *any* Apache software - even if it was built from today's bug-ridden head revision of the trunk, and that it was a solid and reliable protection from just the scenario you describe. The "you-must-build-it-yourself-from-source" rule to test a release candidate probably isn't too much bother for Unix users, but many Windows users look to a small number of "Windows builders" to build a RC like Steffen's VC8 build so they can test what they expect to put into production once the version is released (*if* it is released of course!) I am certainly one of these. The likelihood that Apache Lounge members would mistake Steffen's 2.2.5 build for a released version is no greater than all the many other situations where unreleased versions of open-source software are available. Perhaps a first-time hobbyist experimenter might make this mistake, but certainly not any professional admins. The angst over Steffen's build sounds a bit more territorial than legal to me. Just my 2c worth... -tom-
