Re: svn commit: r1750953 - /httpd/httpd/trunk/server/util_script.c

2016-07-22 Thread Jacob Champion
On 07/22/2016 01:38 PM, William A Rowe Jr wrote: RFC 7231 § 7.1.1 RFC 7232 § 2.2 Okay, at least we're looking at the same sections then. But I'm not finding support for your statement that we must replace completely unintelligible Last-Modified values with current timestamps. The closest I f

Re: svn commit: r1750953 - /httpd/httpd/trunk/server/util_script.c

2016-07-22 Thread William A Rowe Jr
RFC 7231 § 7.1.1 RFC 7232 § 2.2 On Jul 22, 2016 15:01, "Jacob Champion" wrote: > On 07/22/2016 12:30 PM, William A Rowe Jr wrote: > >> Yes, I mean anything that doesn't fit one of the *three* allowable >> formats. >> Nothing is allowed except for GMT. >> > > Agreed, only GMT is allowed on the wi

Re: EC to audit Apache HTTP Server

2016-07-22 Thread Ruediger Pluem
On 07/22/2016 06:59 PM, Steffen wrote: > See https://joinup.ec.europa.eu/node/153614 > > Steffen > Sounds interesting. Regards Rüdiger

Re: svn commit: r1750953 - /httpd/httpd/trunk/server/util_script.c

2016-07-22 Thread Jacob Champion
On 07/22/2016 12:30 PM, William A Rowe Jr wrote: Yes, I mean anything that doesn't fit one of the *three* allowable formats. Nothing is allowed except for GMT. Agreed, only GMT is allowed on the wire. I still believe it's potentially useful, and not unsafe, to transform a non-GMT timestamp in

Re: svn commit: r1750953 - /httpd/httpd/trunk/server/util_script.c

2016-07-22 Thread William A Rowe Jr
On Fri, Jul 22, 2016 at 1:42 PM, Jacob Champion wrote: > On 07/22/2016 10:49 AM, William A Rowe Jr wrote: > >> I'm -1 for interpretating invalid values. >> > > By "invalid" do you mean any string that doesn't comply with 723x's > Last-Modified definition? Even if the only non-compliance is the us

Re: svn commit: r1750953 - /httpd/httpd/trunk/server/util_script.c

2016-07-22 Thread Jacob Champion
On 07/22/2016 10:49 AM, William A Rowe Jr wrote: I'm -1 for interpretating invalid values. By "invalid" do you mean any string that doesn't comply with 723x's Last-Modified definition? Even if the only non-compliance is the use of a non-GMT timezone? I'm not personally a fan of all the stra

Re: svn commit: r1750953 - /httpd/httpd/trunk/server/util_script.c

2016-07-22 Thread William A Rowe Jr
I'm -1 for interpretating invalid values. But +1 for alerting the admin of the invalid script/module/CGI. The new behavior was wrong, it should be set to now() for all invalid input IMHO On Jul 21, 2016 5:20 PM, "Jacob Champion" wrote: > On 07/03/2016 02:56 AM, Luca Toscano wrote: > >> Patch co

EC to audit Apache HTTP Server

2016-07-22 Thread Steffen
See https://joinup.ec.europa.eu/node/153614 Steffen

Re: 2.4.24 soon?

2016-07-22 Thread Jim Jagielski
I think we should look into other stuff we could fold in in the short term. > On Jul 21, 2016, at 10:27 AM, Eric Covener wrote: > > We have httpoxy as well as a rewrite+fastcgi regression in the queue. > Jim, do you have a near-term release in you we can plan around? > > -- > Eric Covener > co