Re: uds support

[Stefan Fritsch]

On Mon, 14 Oct 2013, Jim Jagielski wrote:
 On Oct 14, 2013, at 10:09 AM, Plüm, Rüdiger, Vodafone Group 
 ruediger.pl...@vodafone.com wrote:
  Which one?
  
 sock://var/run/server.sock|http://localhost/foo/bar
  
  or
  
 http://localhost/foo/bar|sock:/var/run.s.sock
  
  I guess we could say that the path info for the segment that
  provides the communication scheme (http://localhost/... above),
  if any, is ignored.
  
  eg:
  
 http://localhost/|sock:./rel/dir/s.sock
 ajp://localhost/ignored/path|sock:/var/run/a.sock
  
  I like the above ones most.

IMO it would be better to have the sock: at the start, so that it is 
immediately obvious. Imagine that you'd had to scan a  80 char URL with 
several url parameters for the |, that's annoying and error-prone. 
Alternatively, use a hostname that really stands out, like _unix_ or 
_socket_.

For the scheme I would actually prefer unix:, because that is what other 
programs use (X, socat), and there are a lot more different socket types 
than unix. If not that, I would still prefer sock: over file:, because it 
is IMHO more correct.

Re: [PATCH 55593] Add SSLServerInfoFile directive

[Rob Stradling]

On 14/10/13 17:28, Kaspar Brand wrote:

On 14.10.13 10:51, Rob Stradling wrote:

Kaspar, I don't think data from 2010 (or even data from today) should be
assumed to be a reliable indicator of future use of non-RSA certs on
public sites.


Past performance is not indicative of future performance, as they use
to say in other industries, yes. Did the situation with Certicom's
licensing terms for ECC cert issuance change recently?


Not that I know of.  But, with or without a licence from Certicom, it's 
gradually starting to happen.


Symantec are already issuing ECC certs [1].  Here's one for 
urs.microsoft.com:


-BEGIN CERTIFICATE-
MIIDxjCCA2ugAwIBAgIQUbq+PtTzXy8rOAsfB6suITAKBggqhkjOPQQDAjB7MQsw
CQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNV
BAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLDAqBgNVBAMTI1N5bWFudGVjIENs
YXNzIDMgRUNDIDI1NiBiaXQgU1NMIENBMB4XDTEzMDkyMDAwMDAwMFoXDTE1MDkx
OTIzNTk1OVowgYYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAw
DgYDVQQHDAdSZWRtb25kMR4wHAYDVQQKDBVNaWNyb3NvZnQgQ29ycG9yYXRpb24x
FDASBgNVBAsMC1NtYXJ0U2NyZWVuMRowGAYDVQQDDBF1cnMubWljcm9zb2Z0LmNv
bTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABKRpJylWRGyj0IxBH+SMdRRioQd6
M6mSEDsnrnoLAeQmtJOOeGtafnrX4REkM9ZtsAWBWdynIAIFfBrcEb490+mjggHD
MIIBvzA0BgNVHREELTArghF1cnMubWljcm9zb2Z0LmNvbYIWYmV0YS51cnMubWlj
cm9zb2Z0LmNvbTAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAU
BggrBgEFBQcDAQYIKwYBBQUHAwIwQwYDVR0gBDwwOjA4BgpghkgBhvhFAQc2MCow
KAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9jcHMwHwYDVR0j
BBgwFoAUdXGf/eTFGkqYm6v7wTqsTdTPb4wwTwYDVR0fBEgwRjBEoEKgQIY+aHR0
cDovL1NWUjI1NlNlY3VyZUVDQy1jcmwud3Muc3ltYW50ZWMuY29tL1NWUjI1NlNl
Y3VyZUVDQy5jcmwwgZUGCCsGAQUFBwEBBIGIMIGFMDcGCCsGAQUFBzABhitodHRw
Oi8vU1ZSMjU2U2VjdXJlRUNDLW9jc3Aud3Muc3ltYW50ZWMuY29tMEoGCCsGAQUF
BzAChj5odHRwOi8vU1ZSMjU2U2VjdXJlRUNDLWFpYS53cy5zeW1hbnRlYy5jb20v
U1ZSMjU2U2VjdXJlRUNDLmNlcjAKBggqhkjOPQQDAgNJADBGAiEAxdqO/Zo0L4tY
+1VIXjyDBiWexXHo/LUwxJqWYK1DN/ECIQCcp+fXwMAOiv4OlvHjV3BrNuEdr93m
WLuIyEC12xJ5uw==
-END CERTIFICATE-


AFAICT, interest (amongst the commercial CAs) in ECC certs continues to
grow.  Since a significant proportion (I estimate ~20%) of deployed
clients will accept RSA server certs but not ECC server certs, I think
that configuring both an ECC cert and an RSA cert on a single vhost may
yet become popular!


I'm not saying we should no longer support multiple certs per vhost (in
fact, with my PoC patch, you can send as many certs to OpenSSL if you
increase SSL_AIDX_MAX - though OpenSSL currently can't really cope with
it)... what I'm saying is that I don't see a need for an additional
per-cert directive. To support the current cert concept of OpenSSL for
the SSL_CTX calls, we just need to make sure that we're applying the
OpenSSLConfCmd directives (ServerInfoFile etc.) at the proper place.

Kaspar


Ah, I see.  Thanks for explaining.


[1] 
http://www.symantec.com/connect/blogs/introducing-algorithm-agility-ecc-and-dsa


--
Rob Stradling
Senior Research  Development Scientist
COMODO - Creating Trust Online

Does Apache need Designers?

[Nikash SINGH]

Hi,

I know it's not entirely appropriate to interject on this list, but I've 
exhausted a few other options before deciding to post here.


I'm a User Interface Designer with experience in open source projects 
(OpenOffice.org, then LibreOffice) and I'd like to help by making 
graphics for Apache because I feel particularly passionate about the 
world wide web and its freedom. I've suggested this in the past and met 
with lukewarm reception so I'm posting on this list in hopes it will 
find support with some Developers who see the need for a Designer's 
contribution.


To show how I could contribute (and whether I'm capable of it) I've 
prepared some examples where new imagery might reinforce Apache's 
standing as the premier HTTP server. On this site below, I've proposed 
logos, installers and a website re-skin;


http://nikashsingh.org/apache/


As you can see I'm not radically changing anything, I'm just suggesting 
small improvements to bring the aesthetic of Apache up to date. And I'm 
being realistic about the degree of change necessary, especially on the 
HTTP project website where the changes are CSS-only to minimise work.


For example, this is the current (existing) HTTP project website;
http://httpd.apache.org/

And this is the exact same page with my CSS file added;
http://nikashsingh.org/apache/httpserver/welcome_mod.htm

I know this is a Dev list, but I'm hoping some of you feel inclined 
after viewing the proposals, that the help of a Designer might benefit 
Apache going forward. And even if these examples aren't useful, maybe we 
could discuss the creation of icons/badges/shirts etc? more of my work 
can be found at my volunteer website below.


Thanks for taking a moment to check out the proposals!
I hope you'll consider my request for joining you all in making Apache 
look every bit as good as it works.

-Nik
http://nikashsingh.org

Re: uds support

[Jim Jagielski]

I see a suggestion to:

1. s/sock:/unix:/
2. Reorg as unix:/whatever|http://localhost/

any other comments? I'd like to nail this down...

error log providers, multiple vhosts, mod_syslog

[Jeff Trawick]

Does this patch/commit look okay?  It works for me with a simple provider
in different scenarios (vhost that inherits provider setup from s_main,
vhost that has its own setup).

I suppose mod_syslog needs to disallow any attempts to configure it in a
vhost with different settings since openlog() is process-wide.  Jan, can
you look at that by chance?

-- Forwarded message --
From: traw...@apache.org
Date: Tue, Oct 15, 2013 at 10:09 AM
Subject: svn commit: r1532344 - /httpd/httpd/trunk/server/log.c
To: c...@httpd.apache.org


Author: trawick
Date: Tue Oct 15 14:09:29 2013
New Revision: 1532344

URL: http://svn.apache.org/r1532344
Log:
Follow-up to r1525597:

Initialize error log providers in vhosts, solving crashes
when logging from those vhosts as well as allowing a different
provider (or provider configuration) for vhosts.

Modified:
httpd/httpd/trunk/server/log.c

Modified: httpd/httpd/trunk/server/log.c
URL:
http://svn.apache.org/viewvc/httpd/httpd/trunk/server/log.c?rev=1532344r1=1532343r2=1532344view=diff
==
--- httpd/httpd/trunk/server/log.c (original)
+++ httpd/httpd/trunk/server/log.c Tue Oct 15 14:09:29 2013
@@ -458,6 +458,18 @@ int ap_open_logs(apr_pool_t *pconf, apr_
 virt-error_log = q-error_log;
 }
 }
+else if (virt-errorlog_provider) {
+/* separately-configured vhost-specific provider */
+if (open_error_log(virt, 0, p) != OK) {
+return DONE;
+}
+}
+else if (s_main-errorlog_provider) {
+/* inherit provider from s_main */
+virt-errorlog_provider = s_main-errorlog_provider;
+virt-errorlog_provider_handle =
s_main-errorlog_provider_handle;
+virt-error_log = NULL;
+}
 else {
 virt-error_log = s_main-error_log;
 }





-- 
Born in Roswell... married an alien...
http://emptyhammock.com/

Re: Does Apache need Designers?

[Rich Bowen]

On 10/15/2013 07:28 AM, Nikash SINGH wrote:

Hi,

I know it's not entirely appropriate to interject on this list, but 
I've exhausted a few other options before deciding to post here.


I'm a User Interface Designer with experience in open source projects 
(OpenOffice.org, then LibreOffice) and I'd like to help by making 
graphics for Apache because I feel particularly passionate about the 
world wide web and its freedom. I've suggested this in the past and 
met with lukewarm reception so I'm posting on this list in hopes it 
will find support with some Developers who see the need for a 
Designer's contribution.


To show how I could contribute (and whether I'm capable of it) I've 
prepared some examples where new imagery might reinforce Apache's 
standing as the premier HTTP server. On this site below, I've proposed 
logos, installers and a website re-skin;


http://nikashsingh.org/apache/


As you can see I'm not radically changing anything, I'm just 
suggesting small improvements to bring the aesthetic of Apache up to 
date. And I'm being realistic about the degree of change necessary, 
especially on the HTTP project website where the changes are CSS-only 
to minimise work.


For example, this is the current (existing) HTTP project website;
http://httpd.apache.org/

And this is the exact same page with my CSS file added;
http://nikashsingh.org/apache/httpserver/welcome_mod.htm

I know this is a Dev list, but I'm hoping some of you feel inclined 
after viewing the proposals, that the help of a Designer might benefit 
Apache going forward. And even if these examples aren't useful, maybe 
we could discuss the creation of icons/badges/shirts etc? more of my 
work can be found at my volunteer website below.


Thanks for taking a moment to check out the proposals!
I hope you'll consider my request for joining you all in making Apache 
look every bit as good as it works.

-Nik
http://nikashsingh.org 

So, a few comments:

First, I like what you've proposed regarding the httpd website, although 
the blue marble thing next to the project name seems out of place. Are 
you changes just to CSS, or are they changes to the HTML? (I didn't dig 
too deeply, as you can see.) I also like the changes to the Windows 
installer. I'm not at all sure what's involved in changing the look of 
the installer.


Second, you've proposed changes to the httpd website, but also to stuff 
that is at the Foundation level. Any changes to the logo would have to 
be decided on the Trademarks mailing list - tradema...@apache.org - 
rather than on a list dealing with just one project within the 
Foundation. In case you're not very familiar with the Foundation, there 
are 100+ projects, and httpd is just one of them. All project have equal 
footing within the Foundation, and such a thing, affecting the entire 
Foundation, could not be decided here.



--
Rich Bowen
rbo...@rcbowen.com
Shosholoza

Re: Does Apache need Designers?

[Daniel Gruno]

On 10/15/2013 05:43 PM, Rich Bowen wrote:
 On 10/15/2013 07:28 AM, Nikash SINGH wrote:
 Hi,

 I know it's not entirely appropriate to interject on this list, but
 I've exhausted a few other options before deciding to post here.

 I'm a User Interface Designer with experience in open source projects
 (OpenOffice.org, then LibreOffice) and I'd like to help by making
 graphics for Apache because I feel particularly passionate about the
 world wide web and its freedom. I've suggested this in the past and
 met with lukewarm reception so I'm posting on this list in hopes it
 will find support with some Developers who see the need for a
 Designer's contribution.

 To show how I could contribute (and whether I'm capable of it) I've
 prepared some examples where new imagery might reinforce Apache's
 standing as the premier HTTP server. On this site below, I've proposed
 logos, installers and a website re-skin;

 http://nikashsingh.org/apache/


 As you can see I'm not radically changing anything, I'm just
 suggesting small improvements to bring the aesthetic of Apache up to
 date. And I'm being realistic about the degree of change necessary,
 especially on the HTTP project website where the changes are CSS-only
 to minimise work.

 For example, this is the current (existing) HTTP project website;
 http://httpd.apache.org/

 And this is the exact same page with my CSS file added;
 http://nikashsingh.org/apache/httpserver/welcome_mod.htm

 I know this is a Dev list, but I'm hoping some of you feel inclined
 after viewing the proposals, that the help of a Designer might benefit
 Apache going forward. And even if these examples aren't useful, maybe
 we could discuss the creation of icons/badges/shirts etc? more of my
 work can be found at my volunteer website below.

 Thanks for taking a moment to check out the proposals!
 I hope you'll consider my request for joining you all in making Apache
 look every bit as good as it works.
 -Nik
 http://nikashsingh.org 
 So, a few comments:
 
 First, I like what you've proposed regarding the httpd website, although
 the blue marble thing next to the project name seems out of place. Are
 you changes just to CSS, or are they changes to the HTML? (I didn't dig
 too deeply, as you can see.) I also like the changes to the Windows
 installer. I'm not at all sure what's involved in changing the look of
 the installer.
 
 Second, you've proposed changes to the httpd website, but also to stuff
 that is at the Foundation level. Any changes to the logo would have to
 be decided on the Trademarks mailing list - tradema...@apache.org -
 rather than on a list dealing with just one project within the
 Foundation. In case you're not very familiar with the Foundation, there
 are 100+ projects, and httpd is just one of them. All project have equal
 footing within the Foundation, and such a thing, affecting the entire
 Foundation, could not be decided here.
 
 
 -- 
 Rich Bowen
 rbo...@rcbowen.com
 Shosholoza
 
I like the sentiment, and I support _some form_ of overhaul of our site.
I'm not sure I'd go for any of the specific designs proposed, but it's a
good starting point, at least to get the ball rolling. There's also
issues of licensing and contributor agreements and what not that needs
to be sorted out.

If there's not too much disgruntlement, perhaps we can, to paraphrase
mr. Bush, find a Coalition of Willing that would sit down and look at
how we could proceed with this? I'm certainly up for it (*writes own
name down on a napkin*).

With regards,
Daniel.

Re: uds support

[Jim Jagielski]

I went ahead and made an exec decision to baseline

unix:/path/to/sock.sock|http:

as canon. trunk now does this.

Re: uds support

[Graham Leggett]

On 15 Oct 2013, at 7:01 PM, Jim Jagielski j...@jagunet.com wrote:

 I went ahead and made an exec decision to baseline
 
   unix:/path/to/sock.sock|http:
 
 as canon. trunk now does this.

Can we further define it that /path/to/sock.sock is urlencoded?

The | character makes me twitch, but I don't have a better suggestion. :(

Regards,
Graham
--

ap_proxy_share_worker/balancer possible use of freed mem

[Yann Ylavic]

Helo,

these functions may try to log malloc()ed worker/balancer's shared data
freed just earlier.

Yet, mod_proxy does not seem to set the ap_proxy_define_worker/balancer()'s
do_malloc flag anywhere, so malloc()ed shared data should not occur.

However that's allowed by the API...
A possible patch follows.

Regards,
Yann.

Index: modules/proxy/proxy_util.c
===
--- modules/proxy/proxy_util.c(revision 1532496)
+++ modules/proxy/proxy_util.c(working copy)
@@ -1218,11 +1218,13 @@ PROXY_DECLARE(apr_status_t) ap_proxy_share_balance
 } else {
 action = re-using;
 }
+balancer-s = shm;
+balancer-s-index = i;
+
 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, ap_server_conf, APLOGNO(02337)
  %s shm[%d] (0x%pp) for %s, action, i, (void *)shm,
  balancer-s-name);
-balancer-s = shm;
-balancer-s-index = i;
+
 /* the below should always succeed */
 lbmethod = ap_lookup_provider(PROXY_LBMETHOD, balancer-s-lbpname,
0);
 if (lbmethod) {
@@ -1731,12 +1733,13 @@ PROXY_DECLARE(apr_status_t) ap_proxy_share_worker(
 } else {
 action = re-using;
 }
+worker-s = shm;
+worker-s-index = i;
+
 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, ap_server_conf, APLOGNO(02338)
  %s shm[%d] (0x%pp) for worker: %s, action, i, (void
*)shm,
  ap_proxy_worker_name(NULL, worker));

-worker-s = shm;
-worker-s-index = i;
 return APR_SUCCESS;
 }
 [EOS]


httpd-trunk-proxy_util_possible_freed_mem_use.patch
Description: Binary data

Re: ap_proxy_share_worker/balancer possible use of freed mem

[Jim Jagielski]

Nice catch
On Oct 15, 2013, at 3:54 PM, Yann Ylavic ylavic@gmail.com wrote:

Re: uds support

[Blaise Tarr]

On Tue, Oct 15, 2013 at 1:01 PM, Jim Jagielski j...@jagunet.com wrote:

 I went ahead and made an exec decision to baseline

 unix:/path/to/sock.sock|http:

 as canon. trunk now does this.

Jim, thanks for working on this. With this latest approach how is the URI
path specified? For example, with the original patch which relied on the
URL encoded slashes we could have:

ProxyPass fcgi://socket=%2ftmp%2fphp-fpm.sock/local/htdocs/

How would that look now (specifically the /local/htdocs portion)?

-- 
Blaise

Re: uds support

[Jim Jagielski]

On Oct 15, 2013, at 4:57 PM, Blaise Tarr blaise.t...@gmail.com wrote:

 On Tue, Oct 15, 2013 at 1:01 PM, Jim Jagielski j...@jagunet.com wrote:
 
  I went ahead and made an exec decision to baseline
 
  unix:/path/to/sock.sock|http:
 
  as canon. trunk now does this.
 
 Jim, thanks for working on this. With this latest approach how is the URI 
 path specified? For example, with the original patch which relied on the URL 
 encoded slashes we could have:
 
 ProxyPass fcgi://socket=%2ftmp%2fphp-fpm.sock/local/htdocs/
 
 How would that look now (specifically the /local/htdocs portion)?
 

Currently, the path of the http: (or whatever) path is
ignored; the next step is to add that in.

Re: mod_proxy ping and r-expecting_100

[Yann Ylavic]

Here is a way to reproduce the issues (trunk and 2.4.x) discussed :

$ cat httpd.conf
[...]
VirtualHost 127.0.0.1:8080
ServerName localhost:8080
ProxyPass / http://localhost:80/ ping=10
ProxyPassReverse / http://localhost:80/
/VirtualHost


For this first request, the client does not expect a 100-continue but gets
one :

$ nc localhost 8080 EOS
POST / HTTP/1.1
Host: localhost:8080
Content-Type: text/plain
Content-Length: 10

123456789
EOS
HTTP/1.1 100 Continue

HTTP/1.1 404 Not Found
Server: Apache
Content-Length: 257
Content-Type: text/html; charset=iso-8859-1
[...]
addressApache Server at localhost Port 80/address
/body/html


For this second request, the backend (httpd-2.2.16) does not like the
double Expect: 100-continue :

$ nc localhost 8080 EOS
POST / HTTP/1.1
Host: localhost:8080
Content-Type: text/plain
Content-Length: 10
Expect: 100-continue

123456789
EOS
HTTP/1.1 100 Continue

HTTP/1.1 417 Expectation Failed
Server: Apache
Content-Length: 437
Content-Type: text/html; charset=iso-8859-1
[...]
pThe expectation given in the Expect request-header
field could not be met by this server.
The client sentpre
Expect: 100-continue, 100-Continue
/pre
/ppOnly the 100-continue expectation is supported./p
hr
addressApache Server at localhost Port 80/address
/body/html

With the patch proposed, it works as expected,
regards.



On Thu, Oct 10, 2013 at 1:10 AM, Yann Ylavic ylavic@gmail.com wrote:




 On Tue, Oct 8, 2013 at 9:01 PM, Jim Jagielski j...@jagunet.com wrote:


 On Oct 8, 2013, at 1:25 PM, Yann Ylavic ylavic@gmail.com wrote:

  Helo,
 
  in the case where a ping is configured in a worker to check backend's
 connection (re)usability, ap_proxy_create_hdrbrgd will force
 r-expecting_100 (r1516930).
 
  As I understand it, r-expecting_100 relates to the client's
 connection, and is used by ap_http_filter to deal with client's
 100-continue expectation, or by ap_send_interim_response to check whether
 the client expects one (or do nothing).
 
  Hence why is ap_proxy_create_hdrbrgd setting r-expecting_100 for the
 purpose of the backend connection?
 

 because we are forcing the 100-continue on that request.
 See ap_proxy_http_process_response()


 For what I understand from this ap_proxy_http_process_response() code :

 if (interim_response) {
 /* RFC2616 tells us to forward this.
  *
  * OTOH, an interim response here may mean the backend
  * is playing sillybuggers.  The Client didn't ask for
  * it within the defined HTTP/1.1 mechanisms, and if
  * it's an extension, it may also be unsupported by us.
  *
  * There's also the possibility that changing existing
  * behaviour here might break something.
  *
  * So let's make it configurable.
  *
  * We need to set r-expecting_100 = 1 otherwise origin
  * server behaviour will apply.
  */
 const char *policy = apr_table_get(r-subprocess_env,
proxy-interim-response);
 [...]
 if (!policy
 || (!strcasecmp(policy, RFC)  ((r-expecting_100 =
 1 {
 ap_send_interim_response(r, 1);
 }
 [...or else discard that response...]
 }

 ap_proxy_http_process_response() takes care of whether to forward a 100
 Continue response from the backend to the client,
 ap_send_interim_response() won't send anything unless r-expecting_100,
 but ENV:proxy-interim-response can force things.

 Is setting r-expecting_100 in ap_proxy_create_hdrbrgd() for
 ap_proxy_http_process_response() to forward the interim response(s)?
 If so, the bad path is that ap_http_filter() will first use
 r-expecting_100 (and reset it) for sending its own interim response (which
 isn't expected!).
 That's because the request body is prefetched (and then forwarded) before
 ap_proxy_http_process_response() is called, hence r-expecting_100 will
 never reach ap_proxy_http_process_response(), and no upcoming 100
 Continue response from the backend will be forwarded to the client (unless
 ENV:proxy-interim-response is RFC).

 However there are 2 cases where mod_proxy_http expects a 100 Continue :
 1. it forwards an Expect: 100 from the client, or/and
 2. it adds/uses the Expect: 100 as a ping/continue-pong.

 And the RFC2616 states :
 - 10.1 Informational 1xx
[...]
Proxies MUST forward 1xx responses, unless the connection between the
proxy and its client has been closed, or unless the proxy itself
requested the generation of the 1xx response. (For example, if a
proxy adds a Expect: 100-continue field when it forwards a request,
then it need not forward the corresponding 100 (Continue)
response(s).)

 For case 1 (with or without case 2), let ap_proxy_http_process_response()
 choose as usual whether to forward the interims.

 For 

Re: Does Apache need Designers?

[Nikash SINGH]

Hi again,

Thank you *Daniel*, *Rich* and *Steve* for your replies.
I've responded inline and I'll take this conversation off your list and 
move it to the trademarks list.
And if you don't mind I'll report back with one quick message once I 
have their replies about whether an update to the HTTP project website 
is permissible so that anyone wanting to help me update the site knows 
how we can proceed.


On 16/10/13 2:50 AM, Daniel Gruno wrote:

On 10/15/2013 05:43 PM, Rich Bowen wrote:

So, a few comments:
...
Are you changes just to CSS, or are they changes to the HTML?


Yup, just CSS, I've kept the changes as minimal as possible to ensure 
the least amount of work need be done to make the changes happen.



  I also like the changes to the Windows
installer. I'm not at all sure what's involved in changing the look of
the installer.


Neither am I, but I'd be more than happy to provide the graphics if a 
more proficient Developer can help me integrate them into the installer.



Second, you've proposed changes to the httpd website, but also to stuff
that is at the Foundation level. Any changes to the logo would have to
be decided on the Trademarks mailing list - tradema...@apache.org -


Thanks for that Rich, something I overlooked while hunting for relevant 
mailing lists.
And while I'd like the /Foundation/ to consider an overall Design 
update, I'd also ask the /HTTP project/ to consider its website and 
installer, because as I say, improving the HTTP server project is where 
most of the interest for me lies in Apache.



...

--
Rich Bowen
rbo...@rcbowen.com
Shosholoza


I like the sentiment, and I support _some form_ of overhaul of our site.
I'm not sure I'd go for any of the specific designs proposed, but it's a
good starting point,


Yeah I can appreciate that, I was trying to work with the existing 
styles and language of the Apache website though they are difficult to 
work with and dated. I'm happy to iterate because that is always a good 
thing, I'm just trying to gauge interest first to see whether change is 
welcome.



If there's not too much disgruntlement, perhaps we can, to paraphrase
mr. Bush, find a Coalition of Willing that would sit down and look at
how we could proceed with this? I'm certainly up for it (*writes own
name down on a napkin*).


Thanks Daniel! I'm certainly willing and I'll keep you (and anyone else 
that raises their hand) informed of the discussion on the trademarks list.



...
With regards,
Daniel.



And Steve, I'd be VERY interested in helping with the openSSL website. I 
can't say I understand SSL very well, but if that is not a (idealistic) 
problem for you we can discuss the possibility off-list? Please send me 
a private Email with more details and we'll talk shop =)


In any case, whether my attempts to introduce new Designs are successful 
or not, I just want to say thanks to the entire project and that there's 
plenty of us who appreciate what you do and what it means to an open 
internet.


-Nik