Re: 2.2.4 windows binary w/ssl?
On Thu, Mar 22, 2007 at 09:14:32PM +0100, Mladen Turk wrote: Guenter Knauf wrote: Hi, Should we add a cert-creation .sh and .vbs script to support/ for this purpose (on any platform)? Sounds like a great idea to me! +1 from me. If you find my vbs useful then I will contribute it. I've spent a good time to find at least something working; Drop an eye on: http://svn.apache.org/viewvc/tomcat/connectors/trunk/jni/examples/mkcerts?view=markup - auto-generating dummy certs which claim to be issued by or to the ASF doesn't seem like a good idea at all - the only hostnames referenced should be `hostname` or localhost; this uses some localhost.edu in a few places - it's also a good idea to set a pseudo-random serial number on issued certs, e.g. use $RANDOM where available, fall back on $$/$PPID etc - also particularly odd to encrypt the file storing the private key joe
Re: 2.2.4 windows binary w/ssl?
Joe Orton wrote: Drop an eye on: http://svn.apache.org/viewvc/tomcat/connectors/trunk/jni/examples/mkcerts?view=markup - auto-generating dummy certs which claim to be issued by or to the ASF doesn't seem like a good idea at all It is an example, so anyone is entitled to change it for its particular usage. Regards, Mladen.
Re: 2.2.4 windows binary w/ssl?
Hi, I'll take this as a resounding no, and that the draft package is sufficient. Moving it within 24 hrs unless I hear a specific technical objection. I've heard from a couple of users that they prefer *.zip archives rather than the *.msi files; and hacked a WSH script to fix the config files when using a zip distribution. So I think it would be great to disribute a *.zip archive too in addition to the *.msi. Regarding certificate creation I've hacked another simple WSH script a while ago, and got some positive feedback; however currently its not perfect yet since I had not the time to fully go trough all openssl settings; I use currently this: openssl req -x509 -nodes -days 999 -subj /[EMAIL PROTECTED]/C=US/ST=Oregon/L=Portland/O=Example Organisation/OU=IT Unit/CN=www.example.com -newkey rsa:1024 -keyout server.key -out server.crt these certs are accepted by Apache and enable SSL access - however I get warnings in the error log: [Wed Mar 21 02:11:55 2007] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) hints welcome! If someone wants to play with the WSH script you can find it here: http://www.gknw.net/vb/scripts/MkCerts.vbs Although I'm not a big WSH fan - I think it makes sense on Win32 since its almost there, and the user doesnt need to install / download another tool just to fix confs or create certs. Guenter.
Re: 2.2.4 windows binary w/ssl?
Guenter Knauf wrote: I've heard from a couple of users that they prefer *.zip archives rather than the *.msi files; and hacked a WSH script to fix the config files when using a zip distribution. Should we add a cert-creation .sh and .vbs script to support/ for this purpose (on any platform)? Sounds like a great idea to me! So I think it would be great to disribute a *.zip archive too in addition to the *.msi. Well, it's not worth pleasing all the people, all the time. But for those who ask for 'just the files', you can always point out that... msiexec /a apache_2.2.4-x86-winnt-xxx.msi will unpack the files to do whatever they like with them :-) This works whether the package has been installed, or not. I'm not a fan of multiple-different flavors to download, I find they create more support questions, not fewer.
Re: 2.2.4 windows binary w/ssl?
On Mar 22, 2007, at 12:22 PM, William A. Rowe, Jr. wrote: Guenter Knauf wrote: I've heard from a couple of users that they prefer *.zip archives rather than the *.msi files; and hacked a WSH script to fix the config files when using a zip distribution. Should we add a cert-creation .sh and .vbs script to support/ for this purpose (on any platform)? Sounds like a great idea to me! +1. I assume you can execute that VBS on any ol' Windows box? I'm not a fan of multiple-different flavors to download, I find they create more support questions, not fewer. +1 S. -- [EMAIL PROTECTED]http://www.temme.net/sander/ Open Source Software Consultant PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF ApacheCon 2007 Europe, May 1-4 in Amsterdam http://www.eu.apachecon.com/ smime.p7s Description: S/MIME cryptographic signature
Re: 2.2.4 windows binary w/ssl?
Sander Temme wrote: On Mar 22, 2007, at 12:22 PM, William A. Rowe, Jr. wrote: Guenter Knauf wrote: I've heard from a couple of users that they prefer *.zip archives rather than the *.msi files; and hacked a WSH script to fix the config files when using a zip distribution. Should we add a cert-creation .sh and .vbs script to support/ for this purpose (on any platform)? Sounds like a great idea to me! +1. I assume you can execute that VBS on any ol' Windows box? Any modern Windows box. I just updated the /dist/httpd/binaries/win32 page to pretty much toss away any lingering 9x/NT4 references.
Re: 2.2.4 windows binary w/ssl?
Hi, Should we add a cert-creation .sh and .vbs script to support/ for this purpose (on any platform)? Sounds like a great idea to me! +1 from me. If you find my vbs useful then I will contribute it. I've spent a good time to find at least something working; the Inet is full of stuff, but everyone does with another way - from one to three separate calls of openssl I found a lot; this shows that its not so trivial and clear to everyone to create proper certs Apache2 is happy with without throwing warnings msiexec /a apache_2.2.4-x86-winnt-xxx.msi will unpack the files to do whatever they like with them :-) This works whether the package has been installed, or not. ok, I knew this, and did already point that out; however what do you think about adding this hint to the README in http://www.apache.org/dist/httpd/binaries/win32/ ? Guenter.
Re: 2.2.4 windows binary w/ssl?
Guenter Knauf wrote: Hi, Should we add a cert-creation .sh and .vbs script to support/ for this purpose (on any platform)? Sounds like a great idea to me! +1 from me. If you find my vbs useful then I will contribute it. I've spent a good time to find at least something working; Drop an eye on: http://svn.apache.org/viewvc/tomcat/connectors/trunk/jni/examples/mkcerts?view=markup I've also spend a good deal of time on that, so it might be helpful :) Regards, Mladen.
Re: 2.2.4 windows binary w/ssl?
Hi Mladen, Drop an eye on: http://svn.apache.org/viewvc/tomcat/connectors/trunk/jni/examples/mkcerts? view=markup I've also spend a good deal of time on that, so it might be helpful :) yeah!! Thanks! Will do, and update my vbs soon thanks, Guenter.
Re: 2.2.4 windows binary w/ssl?
William A. Rowe, Jr. wrote: William A. Rowe, Jr. wrote: I'd like to propose we ship apache_2.2.4-win32-x86-openssl-0.9.8d.msi with this release. Couple of notes... Did anyone else have feedback on the comments/notes? I know Roy's made some additional progress with the notification requirements, and would like to be ready when he shares word that httpd and openssl notices are all in order. I'll take this as a resounding no, and that the draft package is sufficient. Moving it within 24 hrs unless I hear a specific technical objection.
Re: 2.2.4 windows binary w/ssl?
On Mar 16, 2007, at 2:48 PM, William A. Rowe, Jr. wrote: William A. Rowe, Jr. wrote: William A. Rowe, Jr. wrote: I'd like to propose we ship apache_2.2.4-win32-x86- openssl-0.9.8d.msi with this release. Couple of notes... Did anyone else have feedback on the comments/notes? I know Roy's made some additional progress with the notification requirements, and would like to be ready when he shares word that httpd and openssl notices are all in order. I'll take this as a resounding no, and that the draft package is sufficient. Moving it within 24 hrs unless I hear a specific technical objection. I think, if you mean is it okay to post 2.2.4 binaries containing openssl?, then the answer is yes. Roy
Re: 2.2.4 windows binary w/ssl?
Roy T. Fielding wrote: On Mar 16, 2007, at 2:48 PM, William A. Rowe, Jr. wrote: William A. Rowe, Jr. wrote: William A. Rowe, Jr. wrote: I'd like to propose we ship apache_2.2.4-win32-x86-openssl-0.9.8d.msi with this release. Couple of notes... Did anyone else have feedback on the comments/notes? I know Roy's made some additional progress with the notification requirements, and would like to be ready when he shares word that httpd and openssl notices are all in order. I'll take this as a resounding no, and that the draft package is sufficient. Moving it within 24 hrs unless I hear a specific technical objection. I think, if you mean is it okay to post 2.2.4 binaries containing openssl?, then the answer is yes. Correct - I meant 'are there any other feedbacks' and the quiet tells me nobody has anything to add. I believe you already confirmed we are solid on notifications (or I wouldn't have placed them up in /dev/dist/ for evaluation :) Bill
Re: 2.2.4 windows binary w/ssl?
William A. Rowe, Jr. wrote: Issac Goldstand wrote: I'd agree if mod_ssl is disabled by default, but if it is, why are they downloading the mod_ssl-enabled installer? You miss the point, it's illegal in some jurisdictions to possess/use such cryptography. That installer will remain as a service to those communities, nothing more. I understand that. I assumed in this statement that there'd 2 installers - an SSL-msi and a non-SSL msi. Based on that, it'd be pointless to disable SSL by default in the SSL-enabled package (otherwise, you'd download the other one).
Re: 2.2.4 windows binary w/ssl?
William A. Rowe, Jr. wrote: Jorge Schrauwen wrote: Do note that not all users that will chose the SSL package will know how to correctly fill in the fields. s/not all/a small minority of/ They can't figure out what Domain Name means, let's be serious :) On 1/10/07, *Issac Goldstand* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: I think the MSI should autogenerate a self-signed cert at least (last thing we need is for people to deploy a static pre-distributed cert which would make it that much easier to do man-in-the-middle attacks). I agree, static keys are only for pure localhost-style examples, just a bad idea for something this flexible. As far as a default selfsigned cert, I was thinking of using the server name they filled in already as it stands, and let them replace it with a worthwhile one. You mean as the default entry, right? It should be changeable (and should affect the ServerName in the default SSL virtualhost, of course) Would be great if the MSI had a choice to use an existing cert, or generate a new one with a user supplied DN (fill-in fields for CN, OU, O , L, ST, C), and generated a self-signed cert with that + a .csr for sending to a Trusted Third-Party for signing. Would also be great if there was some GUI for importing a signed cert post-install, similar to the IIS wizard, but that's probably pushing it. Well, there are dozens of utilities out there that do that, I'm not compelled in the least to add it to the httpd package. As I said, that's probably pushing it :-) Justin Erenkrantz wrote: I'd prefer to just point them at the instructions for generating their own key rather than us distributing a 'fake' one. -- justin ./configure; make; make install We don't deposit a certificate today for Unix. After considering this a bit more, I agree with jerenkrantz. Didn't there used to be a make cert in the Apache 1.3 days? I distinctly remember having that option at some point, though it may have been from a modified source, like an SRPM or something... At least, initially. I'd rather see something out the door, with all the appropriate comments in the user community of the best way (in their opinion) to proceed. IMHO, that's like saying that the MSI shouldn't install the windows service for you, or modify the default .conf files to suit your install. If you want to do it this way, distribute a binary .zip If we're putting it in a GUI installer that knows how to prepare the initial environment, this should definitely be one of the things it does... Then if we really believe the server install should do something to either help deposit a cert/key for their server, or a post-install command should be provided for this purpose, then we should ensure win and unix are offering the exact same facility. I'll look around for the make cert rule that I remember seeing. Should be very simple to do this for unix, assuming an openssl binary exists and is on the path Issac
Re: 2.2.4 windows binary w/ssl?
Jorge Schrauwen wrote: On 1/10/07, *William A. Rowe, Jr.* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Jorge Schrauwen wrote: Do note that not all users that will chose the SSL package will know how to correctly fill in the fields. s/not all/a small minority of/ Do not underestimate user stupidity ;) ok maybe the number won't be overly to large but I can sure see the post flooding in on the Apache BB's! True, but Bill has a point. If they can't fill in Domain Name, Company Name (Optional), City, State, Country, then SSL install is the least of their problems ;-) Seriously, it's just an issue of us naming the fields well. [snip] ./configure; make; make install We don't deposit a certificate today for Unix. After considering this a bit more, I agree with jerenkrantz. True... if you don't enable mod_ssl by default and add a note in the conf file It should be rather safe to not include a cert. Pointing them to a docs or wiki guide/how to would be a good idea. I'd agree if mod_ssl is disabled by default, but if it is, why are they downloading the mod_ssl-enabled installer? The stupid user issue you mention is a great answer here, but not good enough to disabled mod_ssl by default if there are seperate SSL and non-SSL installers. Issac
Re: 2.2.4 windows binary w/ssl?
On 1/11/07, Issac Goldstand [EMAIL PROTECTED] wrote: ./configure; make; make install We don't deposit a certificate today for Unix. After considering this a bit more, I agree with jerenkrantz. True... if you don't enable mod_ssl by default and add a note in the conf file It should be rather safe to not include a cert. Pointing them to a docs or wiki guide/how to would be a good idea. I'd agree if mod_ssl is disabled by default, but if it is, why are they downloading the mod_ssl-enabled installer? The stupid user issue you mention is a great answer here, but not good enough to disabled mod_ssl by default if there are seperate SSL and non-SSL installers. Good point on this, it makes no sense to have mod_ssl disabled in the ssl binary. My silly mistake. -- ~Jorge
Re: 2.2.4 windows binary w/ssl?
Issac Goldstand wrote: I'd agree if mod_ssl is disabled by default, but if it is, why are they downloading the mod_ssl-enabled installer? You miss the point, it's illegal in some jurisdictions to possess/use such cryptography. That installer will remain as a service to those communities, nothing more.
Re: 2.2.4 windows binary w/ssl?
On 1/10/07, William A. Rowe, Jr. [EMAIL PROTECTED] wrote: A final question for all, do we wish to install an arbitrary, on the fly self signed default.crt/default.key? Do we want to help them fill out the details or use stock details? Or do we want them to use openssl.exe to generate one for themselves? I'd prefer to just point them at the instructions for generating their own key rather than us distributing a 'fake' one. -- justin
Re: 2.2.4 windows binary w/ssl?
I think the MSI should autogenerate a self-signed cert at least (last thing we need is for people to deploy a static pre-distributed cert which would make it that much easier to do man-in-the-middle attacks). Would be great if the MSI had a choice to use an existing cert, or generate a new one with a user supplied DN (fill-in fields for CN, OU, O , L, ST, C), and generated a self-signed cert with that + a .csr for sending to a Trusted Third-Party for signing. Would also be great if there was some GUI for importing a signed cert post-install, similar to the IIS wizard, but that's probably pushing it. Just my $0.02, Issac William A. Rowe, Jr. wrote: A final question for all, do we wish to install an arbitrary, on the fly self signed default.crt/default.key? Do we want to help them fill out the details or use stock details? Or do we want them to use openssl.exe to generate one for themselves?
Re: 2.2.4 windows binary w/ssl?
Do note that not all users that will chose the SSL package will know how to correctly fill in the fields. My experience tells me if there is a package with XYZ and without most chose it with XYZ even if they don't need it. So if there is a dialog in the installer that would ask for the information... make sure there is lots of information available on what to enter! My 0,02 EUR Cent ;) On 1/10/07, Issac Goldstand [EMAIL PROTECTED] wrote: I think the MSI should autogenerate a self-signed cert at least (last thing we need is for people to deploy a static pre-distributed cert which would make it that much easier to do man-in-the-middle attacks). Would be great if the MSI had a choice to use an existing cert, or generate a new one with a user supplied DN (fill-in fields for CN, OU, O , L, ST, C), and generated a self-signed cert with that + a .csr for sending to a Trusted Third-Party for signing. Would also be great if there was some GUI for importing a signed cert post-install, similar to the IIS wizard, but that's probably pushing it. Just my $0.02, Issac William A. Rowe, Jr. wrote: A final question for all, do we wish to install an arbitrary, on the fly self signed default.crt/default.key? Do we want to help them fill out the details or use stock details? Or do we want them to use openssl.exe to generate one for themselves? -- ~Jorge
Re: 2.2.4 windows binary w/ssl?
Jorge Schrauwen wrote: Do note that not all users that will chose the SSL package will know how to correctly fill in the fields. s/not all/a small minority of/ They can't figure out what Domain Name means, let's be serious :) On 1/10/07, *Issac Goldstand* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: I think the MSI should autogenerate a self-signed cert at least (last thing we need is for people to deploy a static pre-distributed cert which would make it that much easier to do man-in-the-middle attacks). I agree, static keys are only for pure localhost-style examples, just a bad idea for something this flexible. As far as a default selfsigned cert, I was thinking of using the server name they filled in already as it stands, and let them replace it with a worthwhile one. Would be great if the MSI had a choice to use an existing cert, or generate a new one with a user supplied DN (fill-in fields for CN, OU, O , L, ST, C), and generated a self-signed cert with that + a .csr for sending to a Trusted Third-Party for signing. Would also be great if there was some GUI for importing a signed cert post-install, similar to the IIS wizard, but that's probably pushing it. Well, there are dozens of utilities out there that do that, I'm not compelled in the least to add it to the httpd package. Justin Erenkrantz wrote: I'd prefer to just point them at the instructions for generating their own key rather than us distributing a 'fake' one. -- justin ./configure; make; make install We don't deposit a certificate today for Unix. After considering this a bit more, I agree with jerenkrantz. At least, initially. I'd rather see something out the door, with all the appropriate comments in the user community of the best way (in their opinion) to proceed. Then if we really believe the server install should do something to either help deposit a cert/key for their server, or a post-install command should be provided for this purpose, then we should ensure win and unix are offering the exact same facility. Does this sound sane?
Re: 2.2.4 windows binary w/ssl?
On 1/10/07, William A. Rowe, Jr. [EMAIL PROTECTED] wrote: Jorge Schrauwen wrote: Do note that not all users that will chose the SSL package will know how to correctly fill in the fields. s/not all/a small minority of/ Do not underestimate user stupidity ;) ok maybe the number won't be overly to large but I can sure see the post flooding in on the Apache BB's! They can't figure out what Domain Name means, let's be serious :) On 1/10/07, *Issac Goldstand* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: I think the MSI should autogenerate a self-signed cert at least (last thing we need is for people to deploy a static pre-distributed cert which would make it that much easier to do man-in-the-middle attacks). I agree, static keys are only for pure localhost-style examples, just a bad idea for something this flexible. As far as a default selfsigned cert, I was thinking of using the server name they filled in already as it stands, and let them replace it with a worthwhile one. Would be great if the MSI had a choice to use an existing cert, or generate a new one with a user supplied DN (fill-in fields for CN, OU, O , L, ST, C), and generated a self-signed cert with that + a .csr for sending to a Trusted Third-Party for signing. Would also be great if there was some GUI for importing a signed cert post-install, similar to the IIS wizard, but that's probably pushing it. Well, there are dozens of utilities out there that do that, I'm not compelled in the least to add it to the httpd package. Justin Erenkrantz wrote: I'd prefer to just point them at the instructions for generating their own key rather than us distributing a 'fake' one. -- justin ./configure; make; make install We don't deposit a certificate today for Unix. After considering this a bit more, I agree with jerenkrantz. True... if you don't enable mod_ssl by default and add a note in the conf file It should be rather safe to not include a cert. Pointing them to a docs or wiki guide/how to would be a good idea. At least, initially. I'd rather see something out the door, with all the appropriate comments in the user community of the best way (in their opinion) to proceed. Then if we really believe the server install should do something to either help deposit a cert/key for their server, or a post-install command should be provided for this purpose, then we should ensure win and unix are offering the exact same facility. Does this sound sane? Yes it does sound sane ;) -- ~Jorge
Re: 2.2.4 windows binary w/ssl?
On 01/10/2007 10:40 PM, William A. Rowe, Jr. wrote: Does this sound sane? +1 Regards RĂ¼diger
Re: 2.2.4
Jim Jagielski wrote: I'd still like to push a 2.2.4 out, say VERY early in Dec. There are some backports awaiting just 1 single vote to be approved, and others which look VERY worthwhile to be in this version. Let's all take some time and look over them ;) Well, I'm a little confused, post-midmonth isn't what I describe as 'early' :) Any update? If it's inconvient for you at this point, would anyone object if I pulled a 2.2.4 tag between Sun/Mon? Not that we don't have many more good changes in-stream, but something better for users is always preferable to waiting forever for the perfect release :)
Re: 2.2.4
William A. Rowe, Jr. wrote: Jim Jagielski wrote: I'd still like to push a 2.2.4 out, say VERY early in Dec. There are some backports awaiting just 1 single vote to be approved, and others which look VERY worthwhile to be in this version. Let's all take some time and look over them ;) Well, I'm a little confused, post-midmonth isn't what I describe as 'early' :) Any update? If it's inconvient for you at this point, would anyone object if I pulled a 2.2.4 tag between Sun/Mon? Not that we don't have many more good changes in-stream, but something better for users is always preferable to waiting forever for the perfect release :) I wasn't waiting forever... I just wanted a good solid release that would stand the test of time, for a bit :) Having a release so close to the holidays is, I think, unfair, since it provides a push for people to upgrade. But if there is a real desire by people to get 2.2.4 out now, then I'm +0.9. I'd still like to RM, but if you have the time and desire, +1 there as well. -- === Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/ If you can dodge a wrench, you can dodge a ball.
Re: 2.2.4
Jim Jagielski wrote: I wasn't waiting forever... I just wanted a good solid release that would stand the test of time, for a bit :) Having a release so close to the holidays is, I think, unfair, since it provides a push for people to upgrade. But if there is a real desire by people to get 2.2.4 out now, then I'm +0.9. I'd still like to RM, but if you have the time and desire, +1 there as well. It's all yours :) Seriously, some of us will likely hack at this during the holidays, and at some point, the version drift will be so great that it becomes very hard to track down where breakage was introduced. 2.2.4 by early this coming week, followed by 2.2.5 after the holidays, will make it easier to track down the offending changes (and possibly give users a choice of versions - one of which doesn't have the flaw they trip over.) Bill
Re: 2.2.4
William A. Rowe, Jr. wrote: Seriously, some of us will likely hack at this during the holidays, and at some point, the version drift will be so great that it becomes very hard to track down where breakage was introduced. 2.2.4 by early this coming week, followed by 2.2.5 after the holidays, will make it easier to track down the offending changes (and possibly give users a choice of versions - one of which doesn't have the flaw they trip over.) Well, that was kind of my thought, is that people would have more time to play with 2.2.4-dev over the break and then I thought of the user community and whether it was nice to put out 2.2.4 a week before Christmas (causing them to upgrade) and then after the holidays having a 2.2.5 available and making them upgrade again :) I see your point 100% though... I really hoped that we would have had a 2.2.4 out sooner, but the votes didn't come as fast as expected :) But tell you what, if you want to do a 2.2.4 Sun/Mon then I'll do 2.2.5 mid-Jan (assuming there's enough for a release)... -- === Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/ If you can dodge a wrench, you can dodge a ball.
Re: 2.2.4
On 12/15/06, Jim Jagielski [EMAIL PROTECTED] wrote: I see your point 100% though... I really hoped that we would have had a 2.2.4 out sooner, but the votes didn't come as fast as expected :) What votes? I haven't seen any votes for 2.2.4. -- justin
Re: 2.2.4
Justin Erenkrantz wrote: On 12/15/06, Jim Jagielski [EMAIL PROTECTED] wrote: I see your point 100% though... I really hoped that we would have had a 2.2.4 out sooner, but the votes didn't come as fast as expected :) What votes? I haven't seen any votes for 2.2.4. -- justin For the proposed backports in STATUS. Not for any 2.2.4 tarball or anything :) -- === Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/ If you can dodge a wrench, you can dodge a ball.
Re: 2.2.4
Jim Jagielski wrote: William A. Rowe, Jr. wrote: Seriously, some of us will likely hack at this during the holidays, and at some point, the version drift will be so great that it becomes very hard to track down where breakage was introduced. 2.2.4 by early this coming week, followed by 2.2.5 after the holidays, will make it easier to track down the offending changes (and possibly give users a choice of versions - one of which doesn't have the flaw they trip over.) Well, that was kind of my thought, is that people would have more time to play with 2.2.4-dev over the break and then I thought of the user community and whether it was nice to put out 2.2.4 a week before Christmas (causing them to upgrade) and then after the holidays having a 2.2.5 available and making them upgrade again :) Ok then, folks feel free to 'break' 2.2.x branch over the weekend, and we'll add the appropriate amounts of bubblegum and bailing wire. Mostly, I'm referring to regressions. I see your point 100% though... I really hoped that we would have had a 2.2.4 out sooner, but the votes didn't come as fast as expected :) Well that changed nicely in these past two weeks, I'm liking all the review and activity in STATUS :) But tell you what, if you want to do a 2.2.4 Sun/Mon then I'll do 2.2.5 mid-Jan (assuming there's enough for a release)... That sounds like a deal, late Sun or early Mon depending on the localized family crises :) Folks please holler on this thread if there's show stopping breakage (or just mark it in STATUS). Bill
Re: 2.2.4
William A. Rowe, Jr. wrote: Jim Jagielski wrote: But tell you what, if you want to do a 2.2.4 Sun/Mon then I'll do 2.2.5 mid-Jan (assuming there's enough for a release)... That sounds like a deal, late Sun or early Mon depending on the localized family crises :) I would have liked to have been able to volunteer to RM but Sun/Mon is an incredibly bad time for me, so I'd need to step away for it (in fact, this whole weekend is pretty packed). -- === Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/ If you can dodge a wrench, you can dodge a ball.
Re: 2.2.4
On Fri, 15 Dec 2006 16:44:33 -0500 (EST) Jim Jagielski [EMAIL PROTECTED] wrote: Justin Erenkrantz wrote: On 12/15/06, Jim Jagielski [EMAIL PROTECTED] wrote: I see your point 100% though... I really hoped that we would have had a 2.2.4 out sooner, but the votes didn't come as fast as expected :) What votes? I haven't seen any votes for 2.2.4. -- justin For the proposed backports in STATUS. Your original prompting towards a 2.2.4 release stimulated a lot of activity in and around STATUS - and not just low-hanging fruit. That's as it should be. If folks can find time to deal with outstanding matters, great. If not, go ahead and draw a line. -- Nick Kew Application Development with Apache - the Apache Modules Book http://www.apachetutor.org/
Re: 2.2.4
Nick Kew wrote: On Fri, 15 Dec 2006 16:44:33 -0500 (EST) Jim Jagielski [EMAIL PROTECTED] wrote: Justin Erenkrantz wrote: On 12/15/06, Jim Jagielski [EMAIL PROTECTED] wrote: I see your point 100% though... I really hoped that we would have had a 2.2.4 out sooner, but the votes didn't come as fast as expected :) What votes? I haven't seen any votes for 2.2.4. -- justin For the proposed backports in STATUS. Your original prompting towards a 2.2.4 release stimulated a lot of activity in and around STATUS - and not just low-hanging fruit. That's as it should be. If folks can find time to deal with outstanding matters, great. If not, go ahead and draw a line. That was it... as RM, I wasn't quite yet ready to draw that line. -- === Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/ If you can dodge a wrench, you can dodge a ball.
Re: 2.2.4
On 11/28/06, William A. Rowe, Jr. [EMAIL PROTECTED] wrote: Actually as posted to apr - later today if nobody screams (waiting mostly to make sure the other projects haven't noticed any glaring flaws - we now answer to stdcxx, the native-internal tomcat connectors, svn etc. APR seems to continue to grow in popularity.) FWIW, you mean log4cxx not stdcxx. =P -- justin
Re: 2.2.4
If its in the first week of Dec, I can do a test build on Win32 and Win64 If its mid Dec I can't due to exames. On 11/28/06, Jim Jagielski [EMAIL PROTECTED] wrote: I'd still like to push a 2.2.4 out, say VERY early in Dec. There are some backports awaiting just 1 single vote to be approved, and others which look VERY worthwhile to be in this version. Let's all take some time and look over them ;) -- ~Jorge
Re: 2.2.4
Jim Jagielski wrote: I'd still like to push a 2.2.4 out, say VERY early in Dec. There are some backports awaiting just 1 single vote to be approved, and others which look VERY worthwhile to be in this version. Let's all take some time and look over them ;) AFAIK, the only semi-blocking issue for me is that APR has still not released a new version... I dunno what happened to the plans for 1.2.8. -Paul.
Re: 2.2.4
On Nov 28, 2006, at 12:08 PM, Paul Querna wrote: Jim Jagielski wrote: I'd still like to push a 2.2.4 out, say VERY early in Dec. There are some backports awaiting just 1 single vote to be approved, and others which look VERY worthwhile to be in this version. Let's all take some time and look over them ;) AFAIK, the only semi-blocking issue for me is that APR has still not released a new version... I dunno what happened to the plans for 1.2.8. IIRC, Bill is hoping to do so this week.
Re: 2.2.4
Jim Jagielski wrote: On Nov 28, 2006, at 12:08 PM, Paul Querna wrote: Jim Jagielski wrote: I'd still like to push a 2.2.4 out, say VERY early in Dec. There are some backports awaiting just 1 single vote to be approved, and others which look VERY worthwhile to be in this version. Let's all take some time and look over them ;) AFAIK, the only semi-blocking issue for me is that APR has still not released a new version... I dunno what happened to the plans for 1.2.8. IIRC, Bill is hoping to do so this week. Actually as posted to apr - later today if nobody screams (waiting mostly to make sure the other projects haven't noticed any glaring flaws - we now answer to stdcxx, the native-internal tomcat connectors, svn etc. APR seems to continue to grow in popularity.)