Re: [VOTE] Simplified 2.2.x EOL Decision

On May 28, 2015 5:31 AM, "Jim Jagielski" wrote: > > Why just 2 options and why *these* 2? > > The VOTE is worthless and obviously designed to stop discussion. > I am not voting. By all means then, don't. To answer your question, these are the only two directions the project has taken over the la

Re: Ad-hominem [was: [VOTE] Simplified 2.2.x EOL Decision]

On 28/05/2015 17:59, William A Rowe Jr wrote: > On Thu, May 28, 2015 at 2:48 AM, Noel Butler wrote: > > On 28/05/2015 14:48, William A Rowe Jr wrote: > > Enough of this ad-hominem BS... [...] > > You've lost the argument and lost respect, you have demonstrated that by this > pathetic an

Re: 2.2 and 2.4 and 2.6/3.0

On 05/28/2015 03:54 PM, Jim Riggs wrote: On 28 May 2015, at 14:30, Reindl Harald wrote: Am 28.05.2015 um 21:22 schrieb Rich Bowen: On 05/27/2015 05:38 PM, olli hauer wrote: - for long time there was no working mod_php module for 2.4, and changing to php-fpm was not for everyone a solutio

Re: 2.2 and 2.4 and 2.6/3.0

On Thu, May 28, 2015 at 3:45 PM, William A Rowe Jr wrote: > On May 27, 2015 9:46 AM, "Jeff Trawick" wrote: > > > > On Wed, May 27, 2015 at 10:42 AM, Jeff Trawick > wrote: > >> > >> On Wed, May 27, 2015 at 8:54 AM, Jim Jagielski wrote: > >>> > >>> Anyone else think it's time to EOL 2.2 and focu

Re: Measurement - Jeff's metric [was: [VOTE] Simplified 2.2.x EOL Decision]

On May 28, 2015 8:38 AM, "Yann Ylavic" wrote: > > On Thu, May 28, 2015 at 9:32 AM, William A Rowe Jr wrote: > > On Thu, May 28, 2015 at 2:22 AM, Yann Ylavic wrote: > >> > >> > >> I think I would have preferred Jeff's form of the vote, which would > >> have allowed us to know the potential "opera

Re: 2.2 and 2.4 and 2.6/3.0

> On 28 May 2015, at 14:30, Reindl Harald wrote: > > Am 28.05.2015 um 21:22 schrieb Rich Bowen: >> On 05/27/2015 05:38 PM, olli hauer wrote: >>> - for long time there was no working mod_php module for 2.4, and >>> changing to >>> php-fpm was not for everyone a solution. >> >> In my experience,

Re: httpd and OpenSSL 1.0.2

On Wed, May 27, 2015 at 1:09 PM, Andy Wang wrote: > On 05/27/2015 11:33 AM, Mario Brandt wrote: ... >> mario@sasuke:~$ readelf -s /usr/lib/libssl.so | grep "SSL_CONF_CTX_finish" >> 532: 000536f0 6 FUNCGLOBAL DEFAULT 11 >> SSL_CONF_CTX_finish >> 327: 000536f0 6

Re: 2.2 and 2.4 and 2.6/3.0

On May 27, 2015 9:46 AM, "Jeff Trawick" wrote: > > On Wed, May 27, 2015 at 10:42 AM, Jeff Trawick wrote: >> >> On Wed, May 27, 2015 at 8:54 AM, Jim Jagielski wrote: >>> >>> Anyone else think it's time to EOL 2.2 and focus >>> on 2.4 and the next gen? My thoughts are that http/2 >>> and mod_h2 wi

Re: 2.2 and 2.4 and 2.6/3.0

More data points and history to ponder, with placeholders to reflect the passage of time; 1998-06-06 Initial 1.3.0 Release 1999-03-24 Stable 1.3.6 Release (last major MMN bump) 2000 2001 2002-04-05 Initial 2.0.35 Release 2002-09-24 Stable 2.0.42 Release (last major MMN bump) 2003 2004 2005-12-01

Re: 2.2 and 2.4 and 2.6/3.0

Am 28.05.2015 um 21:22 schrieb Rich Bowen: On 05/27/2015 05:38 PM, olli hauer wrote: - for long time there was no working mod_php module for 2.4, and changing to php-fpm was not for everyone a solution. In my experience, the only reason that php-fpm wasn't a solution for everyone is that

Re: 2.2 and 2.4 and 2.6/3.0

On 05/27/2015 05:38 PM, olli hauer wrote: - for long time there was no working mod_php module for 2.4, and changing to php-fpm was not for everyone a solution. In my experience, the only reason that php-fpm wasn't a solution for everyone is that it was poorly documented. We could still st

RE: 2.2 and 2.4 and 2.6/3.0

Mageia: Mageia 3 released with Apahe 2.4 in April 2013 Apache 2.2 (via Mageia 2) reached EOL in November 2013

Re: httpd - side channel attack - timing of digest comparisons

> On 28 May 2015, at 17:24, Dirk-Willem van Gulik wrote: > > >> On 28 May 2015, at 17:03, William A Rowe Jr > > wrote: >> >> >> On May 26, 2015 10:31 AM, "Dirk-Willem van Gulik" > > wrote: >> > >> > >> > > On 26 May 2015, at 17:22, Dirk

Re: httpd - side channel attack - timing of digest comparisons

> On 28 May 2015, at 17:03, William A Rowe Jr wrote: > > > On May 26, 2015 10:31 AM, "Dirk-Willem van Gulik" > wrote: > > > > > > > On 26 May 2015, at 17:22, Dirk-Willem van Gulik > > > wrote: > > .. > > > So I think that what is neede

Re: 2.2 and 2.4 and 2.6/3.0

> > I propose we - where possible - add the missing bits that mod_h2 has to > hack around, and then propose those changes for backport to v2.4 in the > normal way. > > Given the amount of inertia minor versions of httpd have, it would be > ideal if mod_h2 could be used in the httpd v2.4 timeframe,

Re: 2.2 and 2.4 and 2.6/3.0

please dont sent other mail Arash.S 📧 Sent from📱 〰〰 On May 28, 2015, at 3:46 PM, Jim Jagielski wrote: My thoughts are that we use mod_h2 as a guide to how to "better" implement things in trunk, but also allow for mod_h2 to also work w/ 2.4 as well... So there will be a 2.4 version o

Re: httpd - side channel attack - timing of digest comparisons

On May 26, 2015 10:31 AM, "Dirk-Willem van Gulik" wrote: > > > > On 26 May 2015, at 17:22, Dirk-Willem van Gulik wrote: > .. > > So I think that what is needed are two (or three) functions > ... > > - A string comparison function; where at least one string is is under control of the attacker.

Re: 2.2 and 2.4 and 2.6/3.0

> On May 28, 2015, at 10:51 AM, Graham Leggett wrote: > > On 28 May 2015, at 4:46 PM, Jim Jagielski wrote: > >> My thoughts are that we use mod_h2 as a guide to how to >> "better" implement things in trunk, but also allow for >> mod_h2 to also work w/ 2.4 as well... So there will be >> a 2.4 v

Re: 2.2 and 2.4 and 2.6/3.0

That makes most sense to me as well. Besides all the non-optimal things I discuss in the internals paper, the numbers - of my very limited measurements - show that mod_h2 is slightly less performant than plain httpd *if you only have a single request/connection at a time*. If you have 2 reques

Re: 2.2 and 2.4 and 2.6/3.0

On 28 May 2015, at 4:46 PM, Jim Jagielski wrote: > My thoughts are that we use mod_h2 as a guide to how to > "better" implement things in trunk, but also allow for > mod_h2 to also work w/ 2.4 as well... So there will be > a 2.4 version of mod_h2 as well as a more significant > "merging" of mod_h

Re: 2.2 and 2.4 and 2.6/3.0

My thoughts are that we use mod_h2 as a guide to how to "better" implement things in trunk, but also allow for mod_h2 to also work w/ 2.4 as well... So there will be a 2.4 version of mod_h2 as well as a more significant "merging" of mod_h2/trunk/2.6/3.0. > On May 28, 2015, at 10:36 AM, Nick Kew w

Re: mod_h2 internals

> On 28 May 2015, at 16:25, Jim Jagielski wrote: > > One thing I've been thinking about, and there might even be some hooks > in trunk for it, is the idea of slave connections (or sub-connections) > which kind of *is* a pseudo connection. So one could create a connection > and then a sub/slave c

Re: 2.2 and 2.4 and 2.6/3.0

On Wed, 2015-05-27 at 22:42 +0200, Stefan Eissing wrote: > Not wanting to boast, but maybe mod_h2 for httpd 2.4 can play a role in > motivating people to migrate away from 2.2. I've just looked at your "internals" page (which seems to me an excellent piece of work), and it tends to support the g

Re: mod_h2 internals

One thing I've been thinking about, and there might even be some hooks in trunk for it, is the idea of slave connections (or sub-connections) which kind of *is* a pseudo connection. So one could create a connection and then a sub/slave connection from that, and then use *that* for requests. This ma

Re: mod_h2 internals

Nice! > On May 28, 2015, at 9:43 AM, Stefan Eissing > wrote: > > For anyone interested in mod_h2 internals, its parasitic life inside httpd > and the apache mutations (=hacks) it is doing, there is now a web page for > that: https://icing.github.io/mod_h2/internals.html. For people knowledgab

mod_h2 internals

For anyone interested in mod_h2 internals, its parasitic life inside httpd and the apache mutations (=hacks) it is doing, there is now a web page for that: https://icing.github.io/mod_h2/internals.html. For people knowledgable in httpd core APIs (and where else would one find them but here), I t

Re: Measurement - Jeff's metric [was: [VOTE] Simplified 2.2.x EOL Decision]

On Thu, May 28, 2015 at 9:32 AM, William A Rowe Jr wrote: > On Thu, May 28, 2015 at 2:22 AM, Yann Ylavic wrote: >> >> >> I think I would have preferred Jeff's form of the vote, which would >> have allowed us to know the potential "operating forces" on 2.2.x. > > > We determined from that poll tha

Re: [VOTE] Simplified 2.2.x EOL Decision

Why just 2 options and why *these* 2? The VOTE is worthless and obviously designed to stop discussion. I am not voting. > On May 28, 2015, at 12:44 AM, William A Rowe Jr wrote: > > Choose one; > > [ ] EOL the 2.2.x branch effective 5/31/16; strictly security releases to > that date > [ ] Defe

Ad-hominem [was: [VOTE] Simplified 2.2.x EOL Decision]

On Thu, May 28, 2015 at 2:48 AM, Noel Butler wrote: > On 28/05/2015 14:48, William A Rowe Jr wrote: > > Enough of this ad-hominem BS... [...] > > > You've lost the argument and lost respect, you have demonstrated that by > this pathetic and childish response. Just because others have a differen

Re: [VOTE] Simplified 2.2.x EOL Decision

On 28/05/2015 14:48, William A Rowe Jr wrote: > Enough of this ad-hominem BS... this is in fact a majority rule decision (it > is a vote > not on code but on procedure), and is binding on the project as a whole. I > don't > want to discuss this again for six months and I'm not keen on the

Measurement - Jeff's metric [was: [VOTE] Simplified 2.2.x EOL Decision]

On Thu, May 28, 2015 at 2:22 AM, Yann Ylavic wrote: > > I think I would have preferred Jeff's form of the vote, which would > have allowed us to know the potential "operating forces" on 2.2.x. > We determined from that poll that there were >3 committers who would fix bugs on 2.2, so that discuss

Re: 2.2 and 2.4 and 2.6/3.0

On Wed, May 27, 2015 at 1:41 PM, William A Rowe Jr wrote: > > Ubuntu - 14.04 LTS, and Debian 8 (Jessie) got the message, a year ago > April. > > RHEL / CentOS 7 aren't even a year old yet. > > OpenSUSE 13.1 beat them all to the punch, back in Nov of '13. So that's > the oldest distribution GA th

Re: [VOTE] Simplified 2.2.x EOL Decision

On Thu, May 28, 2015 at 6:44 AM, William A Rowe Jr wrote: > Choose one; > > [ ] EOL the 2.2.x branch effective 5/31/16; strictly security releases to > that date > [X] Defer a 2.2.x EOL decision for 6 months and re-consider this proposal in > Nov, '15. I think I would have preferred Jeff's form o