Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Tue, 26 Mar 2019 13:57:00 -0400
From: Rich Felker <dalias@...c.org>
To: musl@...ts.openwall.com
Subject: Re: Supporting git access via smart HTTPS protocol for
 musl-libc

On Tue, Mar 26, 2019 at 11:57:43AM -0400, Drew DeVault wrote:
> On 2019-03-26 11:47 AM, Rich Felker wrote:
> > I don't see why thttpd is making it difficult. It makes routing with
> > haproxy difficult only because haproxy is more pedantic than any web
> > browser is about headers, but I don't want to use haproxy routing
> > anyway.
> 
> Does thttpd even have routing at all? As far as I can tell it is not
> capable of sourcing routes from anywhere other than the filesystem. This
> makes conditionally dispatching requests to git difficult. Perhaps I
> misunderstand how this kind of thing could be configured with thttpd?

If configured to do so, when foo/bar does not exist but foo/ does, it
will exec foo/index.cgi with access to the full path requested. This
suffices for cgit paths so it should suffice for git http protocol
too.

> > I'd love to have a modern one with the same type of design.
> > Unfortunately all the modern ones are hideous.
> 
> The design is what's antiquted.

Well we disagree on this. I consider handling of all requests via the
filesystem, using a single-task poll() loop, and exec'ing a cgi child
process per dynamic request, to be the reasonable design from a
standpoint of both proper isolation and decent efficiency. The whole
"persistent task to handle dynamic content" thing was a mistake and is
a lot more error-prone *and* resource-costly unless you're using awful
language runtimes that are slow to startup.

> > > I'd vote in favor of switching to nginx, in the
> > 
> > nginx doesn't even support cgi. It just forwards to another server for
> > cgi. It's also horribly bloated and enterprise-ey. In 5-10 years it
> > will go exactly the same way Apache did. Watch for them to have their
> > own Tomcat but for whatever language displaces Java...
> 
> I agree on all of these points, but I'd like to draw attention to the
> fact that 5-10 years from now is 5-10 years from now. That's plenty of
> time to come up with a better httpd, and in the meanwhile nginx has yet
> to go the Apache way.

It's already bad, just not *as bad*. And it's much worse than what we
have now, so there's no reason to switch to it.

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.