I was reviewing the "crypted password" auth module ( ok, digested, not crypted ) and few other modules, and I think it would be a bad idea to commit it as part of the current tomcat. The module is in an early stage of development ( it provide a very usefull thing ), and is not required for normal functionality. I would like to propose puting them in a new directory ( /modules ) and building sepparate jar(s) for them. The modules will depend on the 3.3 internal APIs, but will not be part of the 3.3 release - but distributed as a separate add-on jar. Again, this will reduce the need for a 3.3.1 release ( every major release requires a lot of work, while a module release is much simpler ), will reduce the ammount of code that is part of the tomcat release to what is functionally needed to implement a servlet container, and reduce the "featurism" syndrome ( keep the product small and focused ). ( you can think of those modules as mini-"revolutions" - when the code is stable we can discuss including them in the standard distribution. ) We could place them under /proposals, but I feel it's better to just use a /modules directory. -- Costin --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]