Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 26 Mar 2019 13:57:00 -0400
From: Rich Felker <>
Subject: Re: Supporting git access via smart HTTPS protocol for

On Tue, Mar 26, 2019 at 11:57:43AM -0400, Drew DeVault wrote:
> On 2019-03-26 11:47 AM, Rich Felker wrote:
> > I don't see why thttpd is making it difficult. It makes routing with
> > haproxy difficult only because haproxy is more pedantic than any web
> > browser is about headers, but I don't want to use haproxy routing
> > anyway.
> Does thttpd even have routing at all? As far as I can tell it is not
> capable of sourcing routes from anywhere other than the filesystem. This
> makes conditionally dispatching requests to git difficult. Perhaps I
> misunderstand how this kind of thing could be configured with thttpd?

If configured to do so, when foo/bar does not exist but foo/ does, it
will exec foo/index.cgi with access to the full path requested. This
suffices for cgit paths so it should suffice for git http protocol

> > I'd love to have a modern one with the same type of design.
> > Unfortunately all the modern ones are hideous.
> The design is what's antiquted.

Well we disagree on this. I consider handling of all requests via the
filesystem, using a single-task poll() loop, and exec'ing a cgi child
process per dynamic request, to be the reasonable design from a
standpoint of both proper isolation and decent efficiency. The whole
"persistent task to handle dynamic content" thing was a mistake and is
a lot more error-prone *and* resource-costly unless you're using awful
language runtimes that are slow to startup.

> > > I'd vote in favor of switching to nginx, in the
> > 
> > nginx doesn't even support cgi. It just forwards to another server for
> > cgi. It's also horribly bloated and enterprise-ey. In 5-10 years it
> > will go exactly the same way Apache did. Watch for them to have their
> > own Tomcat but for whatever language displaces Java...
> I agree on all of these points, but I'd like to draw attention to the
> fact that 5-10 years from now is 5-10 years from now. That's plenty of
> time to come up with a better httpd, and in the meanwhile nginx has yet
> to go the Apache way.

It's already bad, just not *as bad*. And it's much worse than what we
have now, so there's no reason to switch to it.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.