Re: Thoughts on 2.5.0
On 10/24/2017 11:45 AM, William A Rowe Jr wrote: On Tue, Oct 24, 2017 at 12:35 PM, Jim Jagielskiwrote: That is way when we backport we transition to RTC, because we want to ENSURE it's been reviewed. Wrong. I was there. RTC was adopted in order to ensure both the reliability but moreso, the compatibility of changes during a given x.y major/minor release cycle. CTR existed to make forward progress and get out of our developers' way. I'm not really sure Jim's statement here is "wrong". Regardless of historical context. We use RTC when we want to guarantee review. You are suggesting a change of policy. It is not policy to use RTC to get from trunk to 2.6.0, and will not become policy without a vote for such a change by the PMC. I'm not entirely convinced Jim is suggesting a change in policy, as you say. But in any case, I would be +1 to such a change. We should not be releasing a 2.6.x that contains unreviewed code. --Jacob
Re: svn commit: r1813167 - in /httpd/httpd/trunk: CHANGES modules/proxy/mod_proxy.c modules/proxy/mod_proxy_balancer.c
> On Oct 24, 2017, at 4:16 PM, Yann Ylavicwrote: > > > Meaning that we now have a granularity of 10KB (instead of previous > 100B, max) before a balancer member can take over the previous one (I > wondered why several successive small requests were always reaching > the same backend...). > long-term patterns is what the methods provide... you can't guarantee short-term behavior.
Re: svn commit: r1813167 - in /httpd/httpd/trunk: CHANGES modules/proxy/mod_proxy.c modules/proxy/mod_proxy_balancer.c
As you said, the external representation as a float is syntactic sugar. But the patch breaks that. Someone enters in, for example, 2.50 and what's displayed in 250, instead of 2.50. Since all this is normalized by how ldfactor is USED, the algos still work, but are now more granular, which is what we wanted. > On Oct 24, 2017, at 4:16 PM, Yann Ylavicwrote: > > On Tue, Oct 24, 2017 at 3:28 PM, Jim Jagielski wrote: >> I don't understand this patch. It looks like we are no lingering externally >> representing ldfactor as a float (e.g.: 2.50). Is that right? If so, >> I'm not sure why... > > It seems to me that ldfactor expressed as "float" is just syntactic > sugar, it's still an "int" in struct proxy_worker_shared. > > The lbmethods' algorithms were previously given value between 1 and > 100, and since 2.4.28 this value is effectively between 100 and 1. > For, e.g. bytraffic, this changes the below computation a bit: > >mytraffic = ((*worker)->s->transferred / (*worker)->s->lbfactor) + >((*worker)->s->read / (*worker)->s->lbfactor); > > Meaning that we now have a granularity of 10KB (instead of previous > 100B, max) before a balancer member can take over the previous one (I > wondered why several successive small requests were always reaching > the same backend...). > > It's fine that users can now use decimal numbers between 1.0 and 10.0 > (or still non-decimals between 1 and 100 as before, though they > probably shouldn't mix both), but it shouldn't change lbmethods > behaviour IMHO. > > The other builtin lbmethods don't seem impacted though (they only sum > up lbfactor), so maybe we need something for bytraffic only...
Re: Pruning working branches (Was: Re: Why?)
On Tue, Oct 24, 2017 at 8:11 AM, William A Rowe Jrwrote: > On Tue, Oct 24, 2017 at 3:28 AM, Steffen wrote: >> >> On Tuesday 24/10/2017 at 10:26, Steffen wrote: >> >> Can someone clean up the not needed anymore backports/branches >> http://svn.apache.org/viewvc/httpd/httpd/branches/ >> > > httpd 2.4.1 was tagged at r1243503. > > I'd propose we start by pruning all working branches not updated since this > tag. > > Thoughts? To clarify; this list consists of; Last rev – Last modified – Branch 371484 11 years async-read-dev/ 367678 11 years authz-dev/ 446636 11 years cache-refactor/ 369019 11 years execd-dev/ 393955 11 years fcgi-proxy-dev/ 8095458 years httpd-2.2-proxy/ 431328 11 years httpd-proxy-scoreboard/ 1200612 5 years input-filter-dev/ 171035 12 years listen-protocol/ 151147 12 years proxy-reqbody/ 1150173 6 years revert-ap-ldap/ 7236558 years wombat-integration/
Re: svn commit: r1813167 - in /httpd/httpd/trunk: CHANGES modules/proxy/mod_proxy.c modules/proxy/mod_proxy_balancer.c
On Tue, Oct 24, 2017 at 3:28 PM, Jim Jagielskiwrote: > I don't understand this patch. It looks like we are no lingering externally > representing ldfactor as a float (e.g.: 2.50). Is that right? If so, > I'm not sure why... It seems to me that ldfactor expressed as "float" is just syntactic sugar, it's still an "int" in struct proxy_worker_shared. The lbmethods' algorithms were previously given value between 1 and 100, and since 2.4.28 this value is effectively between 100 and 1. For, e.g. bytraffic, this changes the below computation a bit: mytraffic = ((*worker)->s->transferred / (*worker)->s->lbfactor) + ((*worker)->s->read / (*worker)->s->lbfactor); Meaning that we now have a granularity of 10KB (instead of previous 100B, max) before a balancer member can take over the previous one (I wondered why several successive small requests were always reaching the same backend...). It's fine that users can now use decimal numbers between 1.0 and 10.0 (or still non-decimals between 1 and 100 as before, though they probably shouldn't mix both), but it shouldn't change lbmethods behaviour IMHO. The other builtin lbmethods don't seem impacted though (they only sum up lbfactor), so maybe we need something for bytraffic only...
Re: Thoughts on 2.5.0
> On 24 Oct 2017, at 14:42, Jim Jagielskiwrote: > > I would like to start a discussion on 2.5.0 and give > some insights on my thoughts related to it. > > First and foremost: there is cool stuff in 2.5.0 > that I really, REALLY wish were in a releasable, usable > artifact. Up to now, we've been doing these as backports > to the 2.4.x tree with, imo at least, good success. > > So I think the main questions regarding 2.5.0 is a list > of items/issues that simply *cannot* be backported, due > to API/ABI concerns. And then gauge the "value" of > the items on that list. > > Another would be to look at some of the items currently > "on hold" for backporting, due to outstanding questions, > tech issues, more needed work/QA, etc... IMO, if these > backports lack "support" for 2.4.x, then I wonder how > "reliable" they are (or how tested they are) in the 2.5.o > tree. And if the answer is "we pull them out of 2.5.0" > then the question after that is what really *are* the > diffs between 2.5.0 and 2.4.x... If, however, the > answer is "tagging 2.5.0 will encourage us to address > those issues" then my question is "Why aren't we doing > that now... for 2.4.x". > > And finally: 2.4.x is now, finally, being the default > version in distros, being the go-to version that people > are using, etc... I would like us to encourage that > momentum. As an observer, I’d like to ask what your goals are for these branches and what kinds of expectations would you like consumers of these branches to have? - Mark
Re: Thoughts on 2.5.0
On Tue, Oct 24, 2017 at 1:45 PM, William A Rowe Jrwrote: > > Proceeding as documented and practiced, between trunk and 2.6.0 tag, > we operate under RTC until the committee adopts a rewritten policy. under CTR, of course :)
Re: Thoughts on 2.5.0
On Tue, Oct 24, 2017 at 12:35 PM, Jim Jagielskiwrote: > >> That's what commit-then-review means. If you failed to >> review it, you now have a six year knowledge gap and review to >> conduct. That's not sustainable, nobody at the project has that kind >> of time. > > "Review" does not have a time limit. Anyone can, and should, review > whenever they wish. Correct. > Just because something has been folded > in does not mean it has necessarily been reviewed. Nor does it mean it hasn't. > That is way when we backport we transition to RTC, because > we want to ENSURE it's been reviewed. Wrong. I was there. RTC was adopted in order to ensure both the reliability but moreso, the compatibility of changes during a given x.y major/minor release cycle. CTR existed to make forward progress and get out of our developers' way. We did not get to 2.0.35 GA under RTC. We did not get to 2.2.0 GA under RTC, we did not get to 2.4.1 GA under RTC. Proceeding as documented and practiced, between trunk and 2.6.0 tag, we operate under RTC until the committee adopts a rewritten policy. > Just tagging/releasing something that has been CTR does not > automatically nor magically make all the commits "reviewed". Nor does it indicate they were *not* reviewed. It is not our responsibility to account to you what we collectively have reviewed over the past six years because others failed to review what is committed to the repository. You are suggesting a change of policy. It is not policy to use RTC to get from trunk to 2.6.0, and will not become policy without a vote for such a change by the PMC. You are contriving policy; I don't know what your agenda is until you put forward a policy change which we can debate as a community. But I am proceeding under current policy and the mechanisms which ultimately got us to 2.0, 2.2 and 2.4. > Nor does it mean that people cannot re-review and even veto > the commit. > > These are bits, not concrete. Agreed.
Re: Thoughts on 2.5.0
On Tue, Oct 24, 2017 at 12:39 PM, Jim Jagielskiwrote: > On Tue, Oct 24, 2017 at 11:20 AM, William A Rowe Jr > wrote: >> On Tue, Oct 24, 2017 at 8:42 AM, Jim Jagielski wrote: >>> >>> Another would be to look at some of the items currently >>> "on hold" for backporting, due to outstanding questions, >>> tech issues, more needed work/QA, etc... IMO, if these >>> backports lack "support" for 2.4.x, then I wonder how >>> "reliable" they are (or how tested they are) in the 2.5.o >>> tree. And if the answer is "we pull them out of 2.5.0" >>> then the question after that is what really *are* the >>> diffs between 2.5.0 and 2.4.x... If, however, the >>> answer is "tagging 2.5.0 will encourage us to address >>> those issues" then my question is "Why aren't we doing >>> that now... for 2.4.x". >> >> I am not doing it for 2.4.x, and will continue not to do it for 2.4.x, >> because I won't contribute to further destabilizing 2.4.x current >> releases. > > So you refuse to help stabilize the 2.4.x tree, but then complain > that the 2.4.x tree is unstable. Because introducing unwise enhancements makes it so; because branch hygiene makes it so. I'm not going to battle either windmill, since current practice dictates that it is a losing battle. I'll continue to review and vote up bug fixes. I'll continue to push bugfixes I write at 2.4.x. I'll continue to skim enhancements for breakage that I can spot. > OK. That's fine. Your cycles are yours to use as you wish. There we go again with the personal swipes. Please speak to process and code, not people. This is exactly the point, of course. Those who wanted to maintain 2.2 did so, irrespective of what those other committers, who could not have cared less, chose to work on. And so it will be after 2.4, committers can keep maintaining 2.4, during the 2.5 cycle and beyond 2.6.0/3.0.0. Those who simply want to develop can develop.
Re: Thoughts on 2.5.0
> > I am not doing it for 2.4.x, and will continue not to do it for 2.4.x, > because I won't contribute to further destabilizing 2.4.x current > releases. So you refuse to help stabilize the 2.4.x tree, but then complain that the 2.4.x tree is unstable. OK. That's fine. Your cycles are yours to use as you wish.
Re: Thoughts on 2.5.0
> That's what commit-then-review means. If you failed to > review it, you now have a six year knowledge gap and review to > conduct. That's not sustainable, nobody at the project has that kind > of time. "Review" does not have a time limit. Anyone can, and should, review whenever they wish. Just because something has been folded in does not mean it has necessarily been reviewed. That is way when we backport we transition to RTC, because we want to ENSURE it's been reviewed. Just tagging/releasing something that has been CTR does not automatically nor magically make all the commits "reviewed". Nor does it mean that people cannot re-review and even veto the commit. These are bits, not concrete.
[Proposal] 2.5.x -> 2.6.0/3.0.0 transition guidelines
I'd like to propose the following, so we can decide on what course to chart between here and there. Today we are at 2.5.0-dev, slated to become 2.5.0 non-GA release. Through a series of non-GA releases, 2.5.x is eventually approved to become the next 'evens' GA release. What we number that by default is 2.6.0, or if the group decides the changes are significant enough, 3.0.0. What I propose now is that we designate all 2.5.x releases as -alpha *until the list decides the API (not ABI) changes are complete*. That's the only process change. We track this through STATUS, with a vote to promote API-changing proposals to SHOWSTOPPERs to -beta. So developers will be aware when we declare -beta that we will no longer change the API for them, and their modules must conform to the new API, barring any radical discoveries that prevent us from shipping that API (which might then return us to the -alpha phase.) E.g. we had a security@ discussion about changing the handling of URI significantly so that the meaning of escaped vs. unescaped characters is never obtuse. There are several proposals on that table (embargoed at that time waiting for our HTTP protocol correctness patches to be published.) Those need to come here to dev@. One of them will land in STATUS, and will inevitably be upvoted to SHOWSTOPPER status; 2.5.x-beta shouldn't happen, IMO, until some code and structure changes to accomplish this has been accepted. Because it is CTR, we don't need STATUS for patch voting, but I do think we want STATUS to identify what is the minimum changes needed to declare the next API/ABI-breaking release complete and ready for -beta. Thoughts?
Re: Why tag 2.5.0? [Was: Re: Tagging 2.4.29 / 2.5.0-{alpha/beta?} today]
On Tue, Oct 24, 2017 at 3:12 AM, Stefan Eissingwrote: > FTR: I refuse any discussion where people, already in the initial > statements, discuss each others merit and downfalls and whatnot. > > If you want to talk about technical stuff and/or propose a project plan, > start a new thread without all that destructive crap I will not waste > any more time than this mail about. That's exactly what I did; On Fri, Oct 13, 2017 at 8:19 AM, William A Rowe Jr wrote: > Is anyone seeing an issue of concern about stability on 2.4.x branch? > > Has anyone else looked at Jim's proposed fixes for xcode 9 building > under maintainer mode? A couple-line quick fix to configure.in, that > anyone on OS/X should be able to validate in minutes. The same fix > is already present on APR's branches, which I will tag as well. > > I'll proceed to tag 2.5.0, and 2.4.29 after a couple hour comment > period, so that the many proposed enhancements can be examined > by alpha testers and our quick adopters of 2.4.28 can be back on track > by early next week. That should simplify getting some of the more > complex patches backported as necessary, or move us forward > in any case. There was no animus or personality involved in this statement. Follow the thread to find out where it "broke" and who broke it. I will kill this thread; I should have limited it to responding that our ruleset inhibits vetoes of tags and releases; then a second fresh thread not to anyone's comment in particular explaining the basis of 2.5.0-alpha. My bad, I apologize for mixing the two, and will more carefully avoid this in the future.
Re: Thoughts on 2.5.0
I will preface by stating that you are referring to 2.6.0 or 3.0.0, our next GA, which is not yet what I've suggested on list. I'll start another thread on 2.5.0 development branch, and run with your discussion of the next GA... On Tue, Oct 24, 2017 at 8:42 AM, Jim Jagielskiwrote: > I would like to start a discussion on 2.5.0 and give > some insights on my thoughts related to it. > > First and foremost: there is cool stuff in 2.5.0 > that I really, REALLY wish were in a releasable, usable > artifact. Up to now, we've been doing these as backports > to the 2.4.x tree with, imo at least, good success. The 2.4.x release series has a >50% regression rate release by release, comparing released 2.4.n to 2.4.prev. I don't consider that 'good'. This is because 2.4 is not a maintenance branch, and is therefore not stable. But we don't have to extend this conversation because I brought up the concern previously and the concern was rejected. A 2.5.x alpha preview branch *with community testers* would have avoided a great number of these regressions, if the community had a chance to test and provide feedback. > So I think the main questions regarding 2.5.0 is a list > of items/issues that simply *cannot* be backported, due > to API/ABI concerns. And then gauge the "value" of > the items on that list. Disagreed. That the code was committed and passively vetoed due to an unwillingness of the project to release it. httpd 2.4.0 was forked at r1200449. This happened 6 years ago as of this coming Nov 10th. What is that code? Discounting all changes to docs/, all changes in whitespace, line endings and propchanges, the remaining delta is; + 36654 lines + 1014607 non-whitespace characters - 17198 lines - 610777 non-whitespace characters > Another would be to look at some of the items currently > "on hold" for backporting, due to outstanding questions, > tech issues, more needed work/QA, etc... IMO, if these > backports lack "support" for 2.4.x, then I wonder how > "reliable" they are (or how tested they are) in the 2.5.o > tree. And if the answer is "we pull them out of 2.5.0" > then the question after that is what really *are* the > diffs between 2.5.0 and 2.4.x... If, however, the > answer is "tagging 2.5.0 will encourage us to address > those issues" then my question is "Why aren't we doing > that now... for 2.4.x". I am not doing it for 2.4.x, and will continue not to do it for 2.4.x, because I won't contribute to further destabilizing 2.4.x current releases. It takes a serious vulnerability for me to risk the stability of 2.4.x, something on the order of the HTTP conformance issues we faced over the past year. Once again, 4 1/2 year old code had never been shared with the community, once again that ignored code contained defects that would have been noticed in a public -alpha over a four year period. I am for doing this necessary review for 2.5.0, but all the code was reviewed. That's what commit-then-review means. If you failed to review it, you now have a six year knowledge gap and review to conduct. That's not sustainable, nobody at the project has that kind of time. As PMC and committers, we had these commits in our inboxes. We questioned committers about changes that looked incorrect. We vetoed some changes that didn't fit or wouldn't work. It's over-past time for that code, those committers' efforts to see the light of day, even as an alpha for the time being. Any argument to the contrary or new layers of process is disingenuous at best, and obstructionist at worst. > And finally: 2.4.x is now, finally, being the default > version in distros, being the go-to version that people > are using, etc... I would like us to encourage that > momentum. No, 2.4.current is not the default. Our current n.n.n at the time these distributions decided to freeze is the distributed version, then they pick up security backports. RHEL 7 and CentOS 7 are still 2.4.6. Ubuntu 16.04 is still 2.4.7, or 2.4.10 from backports, xenial is 2.4.18 and zesty is 2.4.25 https://w3techs.com/technologies/details/ws-apache/2.4/all 57% of all the deployed httpd 2.4 are one of the first four ancient versions, and 67% if you count 2.4.25 (likely a mix of zesty and non-zesty not updated in 4 months). Of that, 2.4 captures 51% and 49% are older still (2.2/2.0); we can slice those adoption numbers in half. So 1/3rd of httpd deployments are on one of the five versions distributed in these five operating system distributions. Only 11% of the deployments have been refreshed since our June release. If you are talking distributions, they will be at whatever we give them once they ship. They won't pick up our new features until they are ready to tag a new OS release, so 'distros', at least 'os distros' is non sequitur. If you are talking httpd binaries, every creator has their own schema; at Pivotal (and JBoss and similar, I suspect) we prepared to pick up all releases but dropped the ones with quickly identified
AW: svn commit: r1813167 - in /httpd/httpd/trunk: CHANGES modules/proxy/mod_proxy.c modules/proxy/mod_proxy_balancer.c
Same here: I don't see why the lbmethods rely on it between 1 and 100 and why they cannot work with 100 till 1 Effectively we kill values like 2.5 and the new comment > it is a number between 1 and 100 (or 0.01 and 1.0). is wrong since 0.01 is not an allowed value (it will fail the check below). Regards Rüdiger > -Ursprüngliche Nachricht- > Von: Jim Jagielski [mailto:j...@jagunet.com] > Gesendet: Dienstag, 24. Oktober 2017 15:29 > An: dev@httpd.apache.org > Cc: c...@httpd.apache.org > Betreff: Re: svn commit: r1813167 - in /httpd/httpd/trunk: CHANGES > modules/proxy/mod_proxy.c modules/proxy/mod_proxy_balancer.c > > I don't understand this patch. It looks like we are no lingering > externally > representing ldfactor as a float (e.g.: 2.50). Is that right? If so, > I'm not sure why... > > > On Oct 24, 2017, at 6:50 AM, yla...@apache.org wrote: > > > > Author: ylavic > > Date: Tue Oct 24 10:50:34 2017 > > New Revision: 1813167 > > > > URL: http://svn.apache.org/viewvc?rev=1813167=rev > > Log: > > mod_proxy_balancer: fix runtime lbfactor value changed in 2.4.28. > > > > It is assumed to be between 1 and 100 by lbmethods, so normalize it > > accordingly. > > > > > > Modified: > >httpd/httpd/trunk/CHANGES > >httpd/httpd/trunk/modules/proxy/mod_proxy.c > >httpd/httpd/trunk/modules/proxy/mod_proxy_balancer.c > > > > Modified: httpd/httpd/trunk/CHANGES > > URL: > http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1813167=18 > 13166=1813167=diff > > > > == > > --- httpd/httpd/trunk/CHANGES [utf-8] (original) > > +++ httpd/httpd/trunk/CHANGES [utf-8] Tue Oct 24 10:50:34 2017 > > @@ -1,6 +1,10 @@ > > -*- coding: > utf-8 -*- > > Changes with Apache 2.5.0 > > > > + *) mod_proxy_balancer: fix runtime lbfactor value changed in > 2.4.28. It is > > + assumed to be between 1 and 100 by lbmethods, so normalize it > accordingly. > > + [Yann Ylavic] > > + > > *) mod_md: v1.0.1, ServerName/Alias names from pure-http: virtual > hosts are no longer > > auto-added to a Managed Domain. Error counts of jobs are > presisted. When the server > > restarts (gracefully) any errored staging areas are purged to > reset the signup/renewal > > > > Modified: httpd/httpd/trunk/modules/proxy/mod_proxy.c > > URL: > http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy.c > ?rev=1813167=1813166=1813167=diff > > > > == > > --- httpd/httpd/trunk/modules/proxy/mod_proxy.c (original) > > +++ httpd/httpd/trunk/modules/proxy/mod_proxy.c Tue Oct 24 10:50:34 > 2017 > > @@ -104,13 +104,13 @@ static const char *set_worker_param(apr_ > > > > if (!strcasecmp(key, "loadfactor")) { > > /* Normalized load factor. Used with BalancerMember, > > - * it is a number between 1 and 100. > > + * it is a number between 1 and 100 (or 0.01 and 1.0). > > */ > > double fval = atof(val); > > ival = fval * 100.0; > > if (ival < 100 || ival > 1) > > return "LoadFactor must be a number between 1..100"; > > -worker->s->lbfactor = ival; > > +worker->s->lbfactor = ival / 100; > > } > > else if (!strcasecmp(key, "retry")) { > > /* If set it will give the retry timeout for the worker > > @@ -2883,7 +2883,7 @@ static int proxy_status_hook(request_rec > > ap_rvputs(r, ap_proxy_parse_wstatus(r->pool, *worker), > NULL); > > ap_rvputs(r, "", (*worker)->s->route, NULL); > > ap_rvputs(r, "", (*worker)->s->redirect, > NULL); > > -ap_rprintf(r, "%.2f", > (float)((*worker)->s->lbfactor)/100.0); > > +ap_rprintf(r, "%d", (*worker)->s- > >lbfactor); > > ap_rprintf(r, "%d", (*worker)->s->lbset); > > ap_rprintf(r, "%" APR_SIZE_T_FMT "", > >(*worker)->s->elected); > > > > Modified: httpd/httpd/trunk/modules/proxy/mod_proxy_balancer.c > > URL: > http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_b > alancer.c?rev=1813167=1813166=1813167=diff > > > > == > > --- httpd/httpd/trunk/modules/proxy/mod_proxy_balancer.c (original) > > +++ httpd/httpd/trunk/modules/proxy/mod_proxy_balancer.c Tue Oct 24 > 10:50:34 2017 > > @@ -1093,11 +1093,10 @@ static int balancer_handler(request_rec > > ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01192) > "settings worker params"); > > > > if ((val = apr_table_get(params, "w_lf"))) { > > -int ival; > > double fval = atof(val); > > -ival = fval * 100.0; > > +int ival = fval * 100.0; > > if (ival >= 100 && ival <= 1) { > > -wsel->s->lbfactor = ival;
Thoughts on 2.5.0
I would like to start a discussion on 2.5.0 and give some insights on my thoughts related to it. First and foremost: there is cool stuff in 2.5.0 that I really, REALLY wish were in a releasable, usable artifact. Up to now, we've been doing these as backports to the 2.4.x tree with, imo at least, good success. So I think the main questions regarding 2.5.0 is a list of items/issues that simply *cannot* be backported, due to API/ABI concerns. And then gauge the "value" of the items on that list. Another would be to look at some of the items currently "on hold" for backporting, due to outstanding questions, tech issues, more needed work/QA, etc... IMO, if these backports lack "support" for 2.4.x, then I wonder how "reliable" they are (or how tested they are) in the 2.5.o tree. And if the answer is "we pull them out of 2.5.0" then the question after that is what really *are* the diffs between 2.5.0 and 2.4.x... If, however, the answer is "tagging 2.5.0 will encourage us to address those issues" then my question is "Why aren't we doing that now... for 2.4.x". And finally: 2.4.x is now, finally, being the default version in distros, being the go-to version that people are using, etc... I would like us to encourage that momentum.
AW: Pruning working branches (Was: Re: Why?)
> -Ursprüngliche Nachricht- > Von: William A Rowe Jr [mailto:wr...@rowe-clan.net] > Gesendet: Dienstag, 24. Oktober 2017 15:12 > An: httpd> Betreff: Pruning working branches (Was: Re: Why?) > > On Tue, Oct 24, 2017 at 3:28 AM, Steffen wrote: > > > > On Tuesday 24/10/2017 at 10:26, Steffen wrote: > > > > Can someone clean up the not needed anymore backports/branches > > http://svn.apache.org/viewvc/httpd/httpd/branches/ > > > > httpd 2.4.1 was tagged at r1243503. > > I'd propose we start by pruning all working branches not updated since > this tag. > > Thoughts? +1 Regards Rüdiger
Pruning working branches (Was: Re: Why?)
On Tue, Oct 24, 2017 at 3:28 AM, Steffenwrote: > > On Tuesday 24/10/2017 at 10:26, Steffen wrote: > > Can someone clean up the not needed anymore backports/branches > http://svn.apache.org/viewvc/httpd/httpd/branches/ > httpd 2.4.1 was tagged at r1243503. I'd propose we start by pruning all working branches not updated since this tag. Thoughts?
Re: Simplify download distribution directory by dropping sha1 hashes?
On Tue, Oct 24, 2017 at 2:50 AM, Luca Toscanowrote: > > 2017-10-23 20:36 GMT+02:00 William A Rowe Jr : >> >> HTTPD team, >> >> Since our downloads are to be authenticated by their .asc PGP >> signatures, and the hashes simply serve as checksums, is it reasonable >> to offer only MD5 and SHA256 at this point? >> >> Anyone without SHA256 (rare, I'd expect) can use MD5 as the simplest >> supported checksum. All others should apply the strongest hash >> validation. >> >> Thoughts? > > +1, I'd also get rid of MD5 since I don't expect anybody relying on it but I > might be wrong :) As much as I'd like to, it wasn't long ago I was still building httpd on HP/UX, AIX and other oddballs. Having some old-school hash while httpd still compiles on those boxes seems rational.
Re: Decrypting mod_session-created cookie
Hi Mikhail, I tried your code to decode the session cookie generated with mod_session, but unfortunately does not seem to work properly. The openssl_decrypt ($ ct, $ cipher, $ key, OPENSSL_RAW_DATA, $ iv) function always return false ... Could it be due to salt calculation? Thank you D. -- Sent from: http://apache-http-server.18135.x6.nabble.com/Apache-HTTP-Server-Dev-f4771363.html
Re: Simplify download distribution directory by dropping sha1 hashes?
> Am 23.10.2017 um 20:36 schrieb William A Rowe Jr: > > HTTPD team, > > Since our downloads are to be authenticated by their .asc PGP > signatures, and the hashes simply serve as checksums, is it reasonable > to offer only MD5 and SHA256 at this point? > > Anyone without SHA256 (rare, I'd expect) can use MD5 as the simplest > supported checksum. All others should apply the strongest hash > validation. > > Thoughts? > > Bill +1
Re: Re: Why tag 2.5.0? [Was: Re: Tagging 2.4.29 / 2.5.0-{alpha/beta?}today]
wrong link where to clean up: http://svn.apache.org/viewvc/httpd/httpd/branches/ On Tuesday 24/10/2017 at 10:26, Steffen wrote: Can someone clean up the not needed anymore backports/branches at http://svn.apache.org/viewvc/httpd/httpd/branches/?sortby=date On Tuesday 24/10/2017 at 10:12, Stefan Eissing wrote: FTR: I refuse any discussion where people, already in the initial statements, discuss each others merit and downfalls and whatnot. If you want to talk about technical stuff and/or propose a project plan, start a new thread without all that destructive crap I will not waste any more time than this mail about. Cheers, Stefan Am 24.10.2017 um 00:17 schrieb William A Rowe Jr: Jim, you have very vocally and hostility reacted to *all* discussion of improving the release process at the httpd project. The project bylaws are clear, no individual PMC member may block a release (the PMC chair may, owing to the fact that they alone represent the board as the appointed VP, that's another topic entirely.) I have no evidence that you perceive a problem with the httpd release status quo, and no evidence that you have reconsidered your positions expressed during the past year, so I presume none of these are changed, and further discussion is not necessary at this step. You've insisted we maintain the status quo with no changes, and I'm proceeding based on our historical and documented practices to move the project along. This is an obvious case of agree-to-disagree, I accept your demand to hold to precedent, and will proceed under that structure to ask wiling users to help us determine the usability of the current code trunk/. In short, you have engendered this solution. This is only a starting point, not a result. Multiple -alphas will usually occur, and I can't foresee any conclusions on a roadmap before the end of the year, and a beta-worthy candidate before the end of winter. (Northern) winter tends to be a period of greater activity, summers are very quiet in comparison. The approach to progress under our existing model is incremental; code and release, code and release, until the committee agrees that the code is ready to move from an -alpha to a -beta, from a -beta to graduate to 2.6.0/3.0.0. This approach avoids all personal conflicts by getting away from people debating opinion or process, and going back to debating the features and code. I am reading your reply as adding additional process which does not exist, and appears to be thrown-up roadblocks. I'll ignore such attempts to introduce process until any proposed process has the majority +1 support by the project. If others here at httpd want to begin defining the structure of 2.6.0/3.0.0 (the next possible GA release, because 2.5.x is not GA, by policy), I'm all for it. It's not a prereq to begin. http://httpd.apache.org/dev/release.html By "vetoed tag" it does not mean you can veto a tag. That wording means that there is no code at present which carries a veto. I'm unaware of any code in trunk that is vetoed in the 2.5.x development trunk branch. Please inform within 72 hours of what you are vetoing from -alpha examination, so that I can remove or route around it and avoid any unnecessary tags. The rules were designed from day 1 of the ASF as a foundation that no one individual can block forward progress of the project, any PMC member may branch, or tag. The majority decision of the project decides whether that tag is adopted as a release (even -alpha requires a majority, 3 +1's!) As the saying goes "We won't know till we try"... let's see if we have collectively treated trunk/ well, and whether adventurous users on the bleeding edge like what they see. On Mon, Oct 23, 2017 at 4:32 PM, Jim Jagielski wrote: The issue obviously isn't in the *tagging*. It is the unknown aspect of what is expected AFTER the tagging. I see the tagging as simply a mechanism to force action upon the PMC to go down a route which the PMC has not decided, from what I can tell, to go down. Maybe I'm wrong. But your reply tends to support that interpretation. The tag, per se, is not the goal. The goal is to "push" 2.5.0 when, again from what I can tell, the PMC has not decided that such a push is warranted/needed/desired/whatever. So if you want to tag, first generate a roadmap, that can be shared and discussed with the PMC, and the dev community, what that 1st step is intended to lead us to. But let's not pretend that such tagging is simply noting a SVN revision. You may complain that I "single handedly" do Foo and Bar and other dictatorial and dangerous stuff, but AFAIK, I've never done or proposed anything w/o bringing it up to the list 1st (ala PROXY support, mod_wsgi, health checks... etc...). Even w/ releases and tags I give people more than 24hours notice. Unless, of course, your tag was under Lazy Consensus, in which case my "veto" was valid, if more "strong" than required. In which
Re: Why tag 2.5.0? [Was: Re: Tagging 2.4.29 / 2.5.0-{alpha/beta?}today]
Can someone clean up the not needed anymore backports/branches at http://svn.apache.org/viewvc/httpd/httpd/branches/?sortby=date On Tuesday 24/10/2017 at 10:12, Stefan Eissing wrote: FTR: I refuse any discussion where people, already in the initial statements, discuss each others merit and downfalls and whatnot. If you want to talk about technical stuff and/or propose a project plan, start a new thread without all that destructive crap I will not waste any more time than this mail about. Cheers, Stefan Am 24.10.2017 um 00:17 schrieb William A Rowe Jr: Jim, you have very vocally and hostility reacted to *all* discussion of improving the release process at the httpd project. The project bylaws are clear, no individual PMC member may block a release (the PMC chair may, owing to the fact that they alone represent the board as the appointed VP, that's another topic entirely.) I have no evidence that you perceive a problem with the httpd release status quo, and no evidence that you have reconsidered your positions expressed during the past year, so I presume none of these are changed, and further discussion is not necessary at this step. You've insisted we maintain the status quo with no changes, and I'm proceeding based on our historical and documented practices to move the project along. This is an obvious case of agree-to-disagree, I accept your demand to hold to precedent, and will proceed under that structure to ask wiling users to help us determine the usability of the current code trunk/. In short, you have engendered this solution. This is only a starting point, not a result. Multiple -alphas will usually occur, and I can't foresee any conclusions on a roadmap before the end of the year, and a beta-worthy candidate before the end of winter. (Northern) winter tends to be a period of greater activity, summers are very quiet in comparison. The approach to progress under our existing model is incremental; code and release, code and release, until the committee agrees that the code is ready to move from an -alpha to a -beta, from a -beta to graduate to 2.6.0/3.0.0. This approach avoids all personal conflicts by getting away from people debating opinion or process, and going back to debating the features and code. I am reading your reply as adding additional process which does not exist, and appears to be thrown-up roadblocks. I'll ignore such attempts to introduce process until any proposed process has the majority +1 support by the project. If others here at httpd want to begin defining the structure of 2.6.0/3.0.0 (the next possible GA release, because 2.5.x is not GA, by policy), I'm all for it. It's not a prereq to begin. http://httpd.apache.org/dev/release.html By "vetoed tag" it does not mean you can veto a tag. That wording means that there is no code at present which carries a veto. I'm unaware of any code in trunk that is vetoed in the 2.5.x development trunk branch. Please inform within 72 hours of what you are vetoing from -alpha examination, so that I can remove or route around it and avoid any unnecessary tags. The rules were designed from day 1 of the ASF as a foundation that no one individual can block forward progress of the project, any PMC member may branch, or tag. The majority decision of the project decides whether that tag is adopted as a release (even -alpha requires a majority, 3 +1's!) As the saying goes "We won't know till we try"... let's see if we have collectively treated trunk/ well, and whether adventurous users on the bleeding edge like what they see. On Mon, Oct 23, 2017 at 4:32 PM, Jim Jagielski wrote: The issue obviously isn't in the *tagging*. It is the unknown aspect of what is expected AFTER the tagging. I see the tagging as simply a mechanism to force action upon the PMC to go down a route which the PMC has not decided, from what I can tell, to go down. Maybe I'm wrong. But your reply tends to support that interpretation. The tag, per se, is not the goal. The goal is to "push" 2.5.0 when, again from what I can tell, the PMC has not decided that such a push is warranted/needed/desired/whatever. So if you want to tag, first generate a roadmap, that can be shared and discussed with the PMC, and the dev community, what that 1st step is intended to lead us to. But let's not pretend that such tagging is simply noting a SVN revision. You may complain that I "single handedly" do Foo and Bar and other dictatorial and dangerous stuff, but AFAIK, I've never done or proposed anything w/o bringing it up to the list 1st (ala PROXY support, mod_wsgi, health checks... etc...). Even w/ releases and tags I give people more than 24hours notice. Unless, of course, your tag was under Lazy Consensus, in which case my "veto" was valid, if more "strong" than required. In which case, I am sorry for that.
Re: Why tag 2.5.0? [Was: Re: Tagging 2.4.29 / 2.5.0-{alpha/beta?} today]
FTR: I refuse any discussion where people, already in the initial statements, discuss each others merit and downfalls and whatnot. If you want to talk about technical stuff and/or propose a project plan, start a new thread without all that destructive crap I will not waste any more time than this mail about. Cheers, Stefan > Am 24.10.2017 um 00:17 schrieb William A Rowe Jr: > > Jim, you have very vocally and hostility reacted to *all* discussion > of improving the release process at the httpd project. > > The project bylaws are clear, no individual PMC member may > block a release (the PMC chair may, owing to the fact that they > alone represent the board as the appointed VP, that's another > topic entirely.) > > I have no evidence that you perceive a problem with the httpd > release status quo, and no evidence that you have reconsidered > your positions expressed during the past year, so I presume > none of these are changed, and further discussion is not > necessary at this step. > > You've insisted we maintain the status quo with no changes, > and I'm proceeding based on our historical and documented > practices to move the project along. This is an obvious case > of agree-to-disagree, I accept your demand to hold to precedent, > and will proceed under that structure to ask wiling users to help > us determine the usability of the current code trunk/. In short, > you have engendered this solution. > > This is only a starting point, not a result. Multiple -alphas will > usually occur, and I can't foresee any conclusions on a roadmap > before the end of the year, and a beta-worthy candidate before > the end of winter. > > (Northern) winter tends to be a period of greater activity, summers > are very quiet in comparison. The approach to progress under our > existing model is incremental; code and release, code and release, > until the committee agrees that the code is ready to move from an > -alpha to a -beta, from a -beta to graduate to 2.6.0/3.0.0. This > approach avoids all personal conflicts by getting away from > people debating opinion or process, and going back to debating > the features and code. > > I am reading your reply as adding additional process which does > not exist, and appears to be thrown-up roadblocks. I'll ignore such > attempts to introduce process until any proposed process has the > majority +1 support by the project. If others here at httpd want > to begin defining the structure of 2.6.0/3.0.0 (the next possible > GA release, because 2.5.x is not GA, by policy), I'm all for it. > It's not a prereq to begin. > > http://httpd.apache.org/dev/release.html > > By "vetoed tag" it does not mean you can veto a tag. That wording > means that there is no code at present which carries a veto. I'm > unaware of any code in trunk that is vetoed in the 2.5.x development > trunk branch. > > Please inform within 72 hours of what you are vetoing from -alpha > examination, so that I can remove or route around it and avoid any > unnecessary tags. > > The rules were designed from day 1 of the ASF as a foundation > that no one individual can block forward progress of the project, > any PMC member may branch, or tag. The majority decision of > the project decides whether that tag is adopted as a release > (even -alpha requires a majority, 3 +1's!) > > As the saying goes "We won't know till we try"... let's see if we > have collectively treated trunk/ well, and whether adventurous > users on the bleeding edge like what they see. > > > > On Mon, Oct 23, 2017 at 4:32 PM, Jim Jagielski wrote: >> The issue obviously isn't in the *tagging*. It is the unknown >> aspect of what is expected AFTER the tagging. >> >> I see the tagging as simply a mechanism to force action >> upon the PMC to go down a route which the PMC has not >> decided, from what I can tell, to go down. Maybe I'm wrong. >> But your reply tends to support that interpretation. The tag, per >> se, is not the goal. The goal is to "push" 2.5.0 when, again >> from what I can tell, the PMC has not decided that such >> a push is warranted/needed/desired/whatever. >> >> So if you want to tag, first generate a roadmap, that can be >> shared and discussed with the PMC, and the dev community, >> what that 1st step is intended to lead us to. But let's >> not pretend that such tagging is simply noting a SVN revision. >> >> You may complain that I "single handedly" do Foo and Bar >> and other dictatorial and dangerous stuff, but AFAIK, I've >> never done or proposed anything w/o bringing it up >> to the list 1st (ala PROXY support, mod_wsgi, health >> checks... etc...). Even w/ releases and tags I give >> people more than 24hours notice. Unless, of course, >> your tag was under Lazy Consensus, in which case my >> "veto" was valid, if more "strong" than required. In >> which case, I am sorry for that.
Re: Simplify download distribution directory by dropping sha1 hashes?
2017-10-23 20:36 GMT+02:00 William A Rowe Jr: > HTTPD team, > > Since our downloads are to be authenticated by their .asc PGP > signatures, and the hashes simply serve as checksums, is it reasonable > to offer only MD5 and SHA256 at this point? > > Anyone without SHA256 (rare, I'd expect) can use MD5 as the simplest > supported checksum. All others should apply the strongest hash > validation. > > Thoughts? > +1, I'd also get rid of MD5 since I don't expect anybody relying on it but I might be wrong :) Luca