On Wed, 2003-08-13 at 09:28, Henrik Nordstrom wrote:
> On Tuesday 12 August 2003 10.30, Robert Collins wrote:
>
> > I won't be backporting, nor trying to find the cause of, the
> > proxy_auth issue with 2.5 delay pools.
>
> Fine. Someone else have to do it then if this is to be fixed for
> Squid-2.5. If not we have to live with the bugs. Not a big deal for
> us, but maybe to some of our users..
Yah, I can understand that.
> The delay_access bug is mostly on the list due to it causing sporadic
> assertion failures, not due to proxy_auth not working well in
> delay_access.
Ok. I might see if I can scrounge enough time to address the
assertions... perhaps simply a filter on the parser to complain during
the access list for non-accepted types. (Would be of use for http_access
to prevent mime_reply_type acls being used).
> Indeed. However, from a quality point of view it is a sad truth that
> it will most likely take considerably time before Squid-3.0 is up to
> the level of the current Squid-2.5 tree. This is from experience with
> earlier releases and math on the amount of changes..
Thats certainly possible. I'm hoping that we can start shorter release
cycles once 3.0 is out - the 2 week heuristic seems a reasonable one for
release quality - and we have a much better base to perform incremental
improvements on ...
> What I am attempting with Squid-2.5 is just to get rid of the bugs
> which have noticeable impact on the intended use of Squid-2.5 to have
> a rock-solid Squid-2.5 release. Authentication not working properly
> or crashing Squid is a quite noticeable thing. The purpose of having
> a rock-solid Squid-2.5 is actually to allow us to focus on Squid-3.0,
> not to take resources away from Squid-3.0.
Oh - cool. Well, like I said, there is hope for ntlmv2 in 2.5, a patch
is in the works.
> Personally I would prefer it time was spent on getting the
> NTLM procedure correctly done in squid-3.X rather than to try to
> patch up the known to be broken approach of Squid-2.5 however.
The changes to make ntlm Do The Right thing are really quite small, as
long as we are smart about it.
Squid never generates challenges, so there is nothing synthetic going on
- as long as the reuse count is forced to zero when ntlmv2 is in play,
we should be fully compatible with whatever the samba guys come up with
for future NTLM support.
Anyway, this is --in progress--.
Cheers,
Rob
-- GPG key available at: <http://members.aardvark.net.au/lifeless/keys.txt>.
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:20:28 MST