Re: [VOTE] Simplified 2.2.x EOL Decision

On 5/27/2015 9:44 PM, William A Rowe Jr wrote: Choose one; [ ] EOL the 2.2.x branch effective 5/31/16; strictly security releases to that date [X] Defer a 2.2.x EOL decision for 6 months and re-consider this proposal in Nov, '15.

Re: [VOTE] Simplified 2.2.x EOL Decision

Le 28/05/2015 06:44, William A Rowe Jr a écrit : Choose one; [ ] EOL the 2.2.x branch effective 5/31/16; strictly security releases to that date [X] Defer a 2.2.x EOL decision for 6 months and re-consider this proposal in Nov, '15.

Re: [VOTE] Simplified 2.2.x EOL Decision

On Wed, May 27, 2015 at 11:44 PM, William A Rowe Jr wrote: > Choose one; > > [ ] EOL the 2.2.x branch effective 5/31/16; strictly security releases to > that date > [X] Defer a 2.2.x EOL decision for 6 months and re-consider this proposal > in Nov, '15. > Enough of this ad-hominem BS... this is

[VOTE] Simplified 2.2.x EOL Decision

Choose one; [ ] EOL the 2.2.x branch effective 5/31/16; strictly security releases to that date [ ] Defer a 2.2.x EOL decision for 6 months and re-consider this proposal in Nov, '15.

Re: 2.2 and 2.4 and 2.6/3.0

On Wed, May 27, 2015 at 6:59 PM, Noel Butler wrote: > On 28/05/2015 03:17, Jim Jagielski wrote: > > [...] maybe it's time to say that 2.2's era is done, and > 2.4's time is here, if not already past. I'm simply trying > to encourage us to work on the future and not "focus" on > the past. No need

Re: 2.2 and 2.4 and 2.6/3.0

On 28/05/2015 07:38, olli hauer wrote: > - for long time there was no working mod_php module for 2.4, and changing to > php-fpm was not for everyone a solution. huh? I personally since dawn of the httpd/php love have always only ever used mod_php and at no time did I have a a non usable ser

Re: 2.2 and 2.4 and 2.6/3.0

On 28/05/2015 03:17, Jim Jagielski wrote: > No need to go off... 2.2 has been out for almost 10 years. > 2.4 for a bit over 3. That is a LONG time. I'm simply > *suggesting* (no BDFL posturing Mr. Rowe) that after 10 > years, maybe it's time to say that 2.2's era is done, and > 2.4's time is h

Re: 2.2 and 2.4 and 2.6/3.0

On 2015-05-27 17:34, William A Rowe Jr wrote: > On Wed, May 27, 2015 at 7:54 AM, Jim Jagielski wrote: > >> Anyone else think it's time to EOL 2.2 and focus >> on 2.4 and the next gen? > > > Nope, we'll let the internet speak for itself - > > http://w3techs.com/technologies/history_details/ws-a

wiki performance/migration?

I know we have some infrastructure lurkers here. How can we pilot test cwiki performance, and what assistance is available for migrating content from wiki->cwiki if we like it? I got the impression a migration was imminent around ACNA, what's the current outlook? Is there someplace we can track?

Re: 2.2 and 2.4 and 2.6/3.0

Here at AL quite a lot sticking with 2.2 because third-party modules which are not available with 2.4. Like mod-perl etc. > Op 27 mei 2015 om 22:42 heeft Stefan Eissing > het volgende geschreven: > > Not wanting to boast, but maybe mod_h2 for httpd 2.4 can play a role in > motivating peopl

Re: 2.2 and 2.4 and 2.6/3.0

Not wanting to boast, but maybe mod_h2 for httpd 2.4 can play a role in motivating people to migrate away from 2.2. I have not looked into having it work on 2.2 and no interest in doing so. If we get the ALPN support into 2.4.13, mod_h2 can be just "dropped in" to such a server. And distros wi

Re: 2.2 and 2.4 and 2.6/3.0

On Wed, May 27, 2015 at 4:11 PM, Tim Bannister wrote: > On 27 May 2015, at 18:26, Jeff Trawick wrote: > > > > one thing it means is having compelling stories involving the latest hot > tech that use 2.4 > > > > basically, any time there is a how-to-FOO somewhere on the www that uses > nginx for

Re: 2.2 and 2.4 and 2.6/3.0

On 27 May 2015, at 18:26, Jeff Trawick wrote: > > one thing it means is having compelling stories involving the latest hot tech > that use 2.4 > > basically, any time there is a how-to-FOO somewhere on the www that uses > nginx for the web server component, there needs to be a better how-to-FO

Re: 2.2 and 2.4 and 2.6/3.0

Your thought seems to be that we "EOL" 2.2 when the number of 2.2 deployments < the number of 2.4 ones. My thought is that we "EOL" 2.2 in order to *hasten* that event, just like just about every other open-source and non-open source software project out there.

Re: 2.2 and 2.4 and 2.6/3.0

> > one thing it means is having compelling stories involving the latest hot tech > that use 2.4 > > basically, any time there is a how-to-FOO somewhere on the www that uses > nginx for the web server component, there needs to be a better how-to-FOO > that uses httpd 2.4 ;) (I don't even thin

Re: 2.2 and 2.4 and 2.6/3.0

On Wed, May 27, 2015 at 12:17 PM, Jim Jagielski wrote: > No need to go off... Did I? > 2.2 has been out for almost 10 years. > Irrelevant to the discussion... > 2.4 for a bit over 3. That is a LONG time. Specifically, http://svn.apache.org/r1243503 Generally unusable, the next several v

Re: SSL/TLS best current practice

Here's my proposed comment to inject in trunk/2.4/2.2 default httpd-ssl.conf - any adjustments here? # httpd 2.2.30, 2.4.13 and later force-disable aNULL, eNULL and EXP ciphers, # while OpenSSL disabled these by default in 0.9.8zf/1.0.0r/1.0.1m/1.0.2a. +1 Agreed +1. That's nice and infor

Re: httpd and OpenSSL 1.0.2

On 05/27/2015 11:33 AM, Mario Brandt wrote: Hi Tom, I tried on Debian 7 and 8 both x64 To see your configure options would help a lot. The missing symbol is in the lib. mario@sasuke:~$ whereis libssl.so libssl: /usr/lib/libssl.a /usr/lib/libssl.so mario@sasuke:~$ readelf -s /usr/lib/libss

Re: 2.2 and 2.4 and 2.6/3.0

On Wed, May 27, 2015 at 1:19 PM, Jim Jagielski wrote: > > > > crazy and not-so-crazy ideas will speed the movement to 2.4 irrespective > of distro schedules (not sure how much :) ) > > > > Here one: Since containers are the new hotness, how about being > more Docker/Rocket/whatever friendly (what

Re: 2.2 and 2.4 and 2.6/3.0

Now that even stability-loving Debian is providing 2.4.x with full security support, moving on from 2.2 seems to make sense. -- Tim Bannister – is...@c8h10n4o2.org.uk

Re: 2.2 and 2.4 and 2.6/3.0

> > crazy and not-so-crazy ideas will speed the movement to 2.4 irrespective of > distro schedules (not sure how much :) ) > Here one: Since containers are the new hotness, how about being more Docker/Rocket/whatever friendly (whatever that means)? :) Hope making this suggestion is OK and that

Re: 2.2 and 2.4 and 2.6/3.0

No need to go off... 2.2 has been out for almost 10 years. 2.4 for a bit over 3. That is a LONG time. I'm simply *suggesting* (no BDFL posturing Mr. Rowe) that after 10 years, maybe it's time to say that 2.2's era is done, and 2.4's time is here, if not already past. I'm simply trying to encourage

Re: 2.2 and 2.4 and 2.6/3.0

On Wed, May 27, 2015 at 12:32 PM, Jim Jagielski wrote: > My point is that if we EOL 2.2 (with some definition of "EOL") > then people on 2.2 (or earlier) will have some *real* incentive > to move off of 2.2 towards 2.4 (or later)... > > Basically, we need something to "kick" people off 2.2 > and

Re: 2.2 and 2.4 and 2.6/3.0

On Wed, May 27, 2015 at 11:33 AM, Jim Jagielski wrote: > > > > Focus your energy on anything you like. > > > > Can't grok whether that's snarky or not... I'll assume not :) > Please assume not :) ASF projects should still remain scratch-your-own-itch(es). Your message certainly had an 'adopt m

Re: 2.2 and 2.4 and 2.6/3.0

> > Developers (committers or not): > > [Y] I am willing to help resolve security issues in the 2.2.x branch. > [N] I am willing to help address non-security issues in the 2.2.x branch. > > PMC members: > > [Y] I am willing to test and vote on proposed 2.2.x releases. Only security ones. >

Re: 2.2 and 2.4 and 2.6/3.0

My point is that if we EOL 2.2 (with some definition of "EOL") then people on 2.2 (or earlier) will have some *real* incentive to move off of 2.2 towards 2.4 (or later)... Basically, we need something to "kick" people off 2.2 and get them to 2.4. By stating that 2.2 will ONLY get security related

Re: 2.2 and 2.4 and 2.6/3.0

> > Focus your energy on anything you like. > Can't grok whether that's snarky or not... I'll assume not :)

Re: httpd and OpenSSL 1.0.2

Hi Tom, I tried on Debian 7 and 8 both x64 To see your configure options would help a lot. The missing symbol is in the lib. mario@sasuke:~$ whereis libssl.so libssl: /usr/lib/libssl.a /usr/lib/libssl.so mario@sasuke:~$ readelf -s /usr/lib/libssl.so | grep "SSL_CONF_CTX_free" 531:

Re: SSL/TLS best current practice

On Wed, May 27, 2015 at 5:58 PM, William A Rowe Jr wrote: > On Tue, May 26, 2015 at 11:45 AM, Andy Wang wrote: >> >> I initially thought openssl disabled the NULL ones by default but when i >> started playing with openssl cipher strings and saw them I got confused. >> Didn't even consider that ht

Re: SSL/TLS best current practice

On Tue, May 26, 2015 at 11:45 AM, Andy Wang wrote: > > On 05/26/2015 11:25 AM, William A Rowe Jr wrote: > >> On Tue, May 26, 2015 at 10:45 AM, Yann Ylavic > > wrote: >> >> On Tue, May 26, 2015 at 5:29 PM, Andy Wang > > wrote: >> > >>

Re: 2.2 and 2.4 and 2.6/3.0

On Wed, May 27, 2015 at 7:54 AM, Jim Jagielski wrote: > Anyone else think it's time to EOL 2.2 and focus > on 2.4 and the next gen? Nope, we'll let the internet speak for itself - http://w3techs.com/technologies/history_details/ws-apache/2 We are nowhere near close enough to the inflection po

Re: 2.2 and 2.4 and 2.6/3.0

On Wed, May 27, 2015 at 4:42 PM, Jeff Trawick wrote: > On Wed, May 27, 2015 at 8:54 AM, Jim Jagielski wrote: >> >> Anyone else think it's time to EOL 2.2 and focus >> on 2.4 and the next gen? My thoughts are that http/2 >> and mod_h2 will drive the trunk design efforts and so >> it would be nice

Re: 2.2 and 2.4 and 2.6/3.0

On 27 May 2015 at 17:42, Jeff Trawick wrote: > On Wed, May 27, 2015 at 8:54 AM, Jim Jagielski wrote: >> >> Anyone else think it's time to EOL 2.2 and focus >> on 2.4 and the next gen? My thoughts are that http/2 >> and mod_h2 will drive the trunk design efforts and so >> it would be nice to focus

Re: 2.2 and 2.4 and 2.6/3.0

The 2.2.x branch is still of interest to the product I work on. So I am willing to devote effort towards its maintenance. Thanks, Mike On 5/27/2015 7:46 AM, Jeff Trawick wrote: What we need to know for the 2.2.x branch is basically this: Developers (committers or not): [Y] I am willin

Re: 2.2 and 2.4 and 2.6/3.0

On Wed, May 27, 2015 at 10:42 AM, Jeff Trawick wrote: > On Wed, May 27, 2015 at 8:54 AM, Jim Jagielski wrote: > >> Anyone else think it's time to EOL 2.2 and focus >> on 2.4 and the next gen? My thoughts are that http/2 >> and mod_h2 will drive the trunk design efforts and so >> it would be nice

Re: 2.2 and 2.4 and 2.6/3.0

On Wed, May 27, 2015 at 8:54 AM, Jim Jagielski wrote: > Anyone else think it's time to EOL 2.2 and focus > on 2.4 and the next gen? My thoughts are that http/2 > and mod_h2 will drive the trunk design efforts and so > it would be nice to focus energy on 2.4 and later... > People here focus their

Re: 2.2 and 2.4 and 2.6/3.0

On Wed, May 27, 2015 at 8:55 AM Jim Jagielski wrote: > Anyone else think it's time to EOL 2.2 and focus > on 2.4 and the next gen? My thoughts are that http/2 > and mod_h2 will drive the trunk design efforts and so > it would be nice to focus energy on 2.4 and later... > I think it's an accurate

Re: 2.2 and 2.4 and 2.6/3.0

No issue for me. How many time would bug/security fixes would still be backported (from when we decide so)? On Wed, May 27, 2015 at 2:54 PM, Jim Jagielski wrote: > Anyone else think it's time to EOL 2.2 and focus > on 2.4 and the next gen? My thoughts are that http/2 > and mod_h2 will drive the

Re: httpd and OpenSSL 1.0.2

On May 27, 2015 5:26 AM, "Mario Brandt" wrote: > Hi Tom, > I saw you on the httpd dev mailing list about that topic. How did you > manage to build apache against 1.0.2? > > Cause if I try that I get in my VM > > /opt/apache2/modules/mod_ssl.so: undefined symbol: SSL_CONF_CTX_finish > > or on my re

2.2 and 2.4 and 2.6/3.0

Anyone else think it's time to EOL 2.2 and focus on 2.4 and the next gen? My thoughts are that http/2 and mod_h2 will drive the trunk design efforts and so it would be nice to focus energy on 2.4 and later...

Re: mod_ssl: Reading dhparams and ecparams not only from the first certificate file

Am 27.05.2015 um 08:40 schrieb Kaspar Brand: On 26.05.2015 10:33, Rainer Jung wrote: I find it questionable. I would find it more natural to embed the params in the cert files they apply to, so e.g. the DH params in the RSA cert file and the EC params in the ECDH cert file and also to not requir