Ryan Bloom announced on Tuesday that he was taking an indefinite
break from Apache HTTP server development. Ryan had a defining role
in the creation of Apache 2.0 with his work on the APR portability
library, and has continued to be involved in 2.0 development
throughout its history.
In his parting message, Ryan mentioned that he had been working on
TLS upgrade support for Apache 2.0; a long sought-after feature for
SSL servers. The TLS upgrade protocol (as specified in RFC 2817) allows a client to begin an HTTP session to a plain HTTP
port, and then upgrade to SSL on the same connection. This technique
solves several problems; notably that SSL virtual hosting can be done
based on hostname rather than IP address, since the HTTP request will
include a Host header which can be interpreted by the
server before the SSL negotiation takes place. However, there is no
support for RFC 2817 in deployed web browsers and servers, and some
experts have stated that the current protocol is "pretty
A topic producing a large volume of mail over the last week was a proposal
to create new branches for continued development of Apache 2.0. The
proposal involves maintenance of two separate branches in CVS;
"development" and a "stable" trees, in a manner similar to the Linux
kernel. Major new features would only be added to the "development"
tree; the "stable" tree would accept only backwards-compatible bug and
The manager's terminal in a network of web-enabled smart terminals
running Linux has
an embedded Apache web server.
The terminals are being installed in all of the Burger King restaurants
in Puerto Rico.
In this section we highlight some of the articles on the web that are of
interest to Apache users.
"Apache: More than a Web server"
reveals other interesting projects under the Apache Software
Foundation umbrella. The author uses Apache projects such as PHP,
Tomcat, Xerces, Xalan, Cocoon, James, JetSpeed, Xindice, and Axis
because they are free, have decent documentation, and are stable
enough for a production environment.
The recent vulnerabilities uncovered in the Apache web server and
OpenSSL toolkit lead eWeek to evaluate the security of open source
"Open Source: A False Sense of Security?".
Citing the opinions of various parties with experience in both open
source and proprietary software, the consensus seems to be that
open source software is not automatically more secure but generally
the open source development model
enables flaws to be fixed quicker
thus allowing greater security.
A technical report entitled
"Two Case Studies of Open Source Software Development: Apache and Mozilla" can now be downloaded in PDF format,
which examines the claims that open source software development
methods are comparable to, if not better than (in some cases)
traditional commercial development methods. It forms several hypotheses by
analysing data from the Apache and Mozilla project, and concludes
with the expectation that a hybrid process will be adopted in