develooper Front page | perl.perl5.porters | Postings from March 2021

Re: [DISCUSS] The future of mod_perl Yuki Kimoto<kimoto.yuki@gmail.com>

From:
=?UTF-8?Q?Salvador_Fandi=c3=b1o?=
Date:
March 31, 2021 10:08
Subject:
Re: [DISCUSS] The future of mod_perl Yuki Kimoto<kimoto.yuki@gmail.com>
Message ID:
df6abf15-9691-926d-905a-7a7c499b899f@gmail.com
On 31/3/21 10:12, Steve Hay via perl5-porters wrote:
> On Wed, 31 Mar 2021 at 07:37, Yuki Kimoto <kimoto.yuki@gmail.com> wrote:
>>
>>> If you are interested in seeing mod_perl remain an active project, and are able to help
>> maintain and provide oversight, please respond in this thread indicating that you are
>> interested in performing the duties of a PMC member[2].
>>
>> Who are the current valid PMC members and how many are missing?
>>
> 
> See https://projects.apache.org/committee.html?perl
> 
> I've seen responses from Adam, Fred and Philippe (and obviously
> myself), and also Philip and Perrin in a previous role call, although
> the latter two declared themselves no longer active.
> 
> So it seems like we have enough active PMC members to survive,
> although actual activity is somewhat lacking: I've still not found
> anyone to test the obvious "fix" for the current build-breaking change
> in the upcoming perl 5.34.0 on *nix (see
> https://lists.apache.org/thread.html/r515522504d5245f83488c096832419950d6d6e93e9ff11f55055953e%40%3Cdev.perl.apache.org%3E).
> 
> I'm proposing to disable a piece of code that no longer compiles,
> without knowing what it was trying to do... :-/ On Windows it still
> builds and passes tests as expected, but there may be some other
> problem that I've not uncovered yet and/or it may not work at all on
> *nix, where we have different MPMs and threading options.
> 
> Any help on testing this from people who would like to see mod_perl
> survive would be greatly appreciated.
> 

That issue seems related to a random seed used for hashing.

Random hashing seeds are commonly used to avoid DoS attacks. With a non 
random seed, some malicious attacker may send to the application strings 
specially crafted to cause collisions and make some hash grow until it 
eats all the available memory.




nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About