×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Apache May Stop 1.3, 2.0 Series Releases

Soulskill posted more than 4 years ago | from the out-with-the-old dept.

Software 77

Dan Jones writes "The Apache Software Foundation may stop releasing new versions of the older 1.3 and 2.0 series of its flagship Web server product with most development now focused on the 2.2 series. Nothing is final yet, but messages to the Apache httpd developer mailing list recommend the formal deprecation of the 1.3.x branch, with most citing a lack of development activity. The Apache HTTP server project is one of the most successful and popular open source projects and has become an integral part of the technology stack for thousands of Web and SaaS applications. The first generation of Apache was released in 1995, and the 2.0 series began in 2002. Apache httpd 2.2 began in 2005, with the latest release (October 2009) being 2.2.14. However, the most recent releases of the 1.3 and 2.0 series servers were back in January 2008. With the combined total of active 1.3 and 2.0 series Apache Web servers well into the millions, any decision to end-of-life either product will be watched closely."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

77 comments

oh noes.... (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#30737438)

for all those mac osx server goons who think they are server admins cause they run mac osx server....

MUS and UPT problems (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#30737482)

A poster here recently submitted a comment containing information regarding some software that could aid people suffering from MUS's (Multiple Urine Streams) and/or UPT (Unpredictable Piss Trajectory). I am suffering from both, and don't know how much longer I can afford to keep buying toilet paper to soak up the piss that soaks my bathroom floor! I have asked my wife to check my glans, and it is indeed debris free, however I am unsure about the configuration of my foreskin, and wonder wether this may be the problem. Does anyone have the original poster's comment to hand, or remember the software used?

Re:MUS and UPT problems (0)

Anonymous Coward | more than 4 years ago | (#30743734)

Simple solution: sit down when you pee

Surly this is just a formality (2, Interesting)

Chrisq (894406) | more than 4 years ago | (#30737594)

Surly this is just a formality. If there have not been updates for two years they are pretty-much dead projects anyway. Conversely if you have been running on an old system for two years without problems then its likely to be pretty stable, so you can just stick with it on the understanding that there will be no fixes or enhancements.

Re:Surly this is just a formality (1)

jellomizer (103300) | more than 4 years ago | (#30737904)

But this is slashdot...

The Open source product we will say the product is allowed to die. But if it was Microsoft we will fight tooth and nail to keep Windows 3.1 from going EOL. Stating how so many people still need it.

Re:Surly this is just a formality (4, Insightful)

TheRaven64 (641858) | more than 4 years ago | (#30738152)

With open source, the product doesn't need to die. If ASF isn't going to put any more resources into it, but other people are still using it, then the code is out there and they can hire someone to work on it. There are lots of developers familiar with the Apache codebase who, I'm sure, would be happy for someone to pay them to back-port fixes to the 1.3 and 2.0 series.

It's also worth noting that this has, in fact, already happened. The OpenBSD base systems includes a fork of Apache 1.3.29 and will probably continue to do so for a long time, because Apache 2.x has a new license.

Re:Surly this is just a formality (0)

Anonymous Coward | more than 4 years ago | (#30738544)

With open source, the product doesn't need to die. If ASF isn't going to put any more resources into it, but other people are still using it, then the code is out there and they can hire someone to work on it.

This isn't unique to open source. If a company that supports a closed-source product wants to end support, their customers can always pay them to continue support for the product somewhat longer. In my experience, that scenario is not all that unusual.

Re:Surly this is just a formality (4, Insightful)

TheRaven64 (641858) | more than 4 years ago | (#30739382)

If a company that supports a closed-source product wants to end support, their customers can always pay them to continue support for the product somewhat longer

Their customers can always offer to pay them to continue support. The company may accept, or it may decide that discontinuing the product and expecting the customers to upgrade is more profitable.

The responsible thing is to ... (1)

bussdriver (620565) | more than 4 years ago | (#30739338)

Apache should keep hosting basic pages for the old series with at least LINKS to where the projects have moved to be maintained. Sourceforge for example or OpenBSD.

The realistic measure should be USAGE not how much development activity there is on the last branch. Bug fixes may be few and years between when the software becomes rock solid. "Perfect" software (unobtainable) would never need patching outside of changes in the abstraction layer with the OS (ignoring compiler issues) but under this line of thinking --- actively debugged software is "alive" and the more bugs and unfinished features plaguing coders the better.

The reality is that if you have a program that does its job well and has been made stable and secure - WHY SHOULD IT BE UPGRADED? other than changes to port it to new systems (those needs should diminish with time as well) and maybe a few bug fixes.

I'm not advocating supporting old versions; however, I think its foolish to judge 'finished' projects as dead and useless - they should at least host the code and/or link to somebody who is willing to maintain it.

Re:Surly this is just a formality (0)

Anonymous Coward | more than 4 years ago | (#30738664)

As it is an Open source product feel free to pick up supporting it. Good luck with doing the same with a M$ product.

Re:Surly this is just a formality (1)

mwvdlee (775178) | more than 4 years ago | (#30741746)

Open Source products never die, they just hibernate until somebody starts using it again.

What Apache is effectively saying is; we don't plan on doing any active development on those products anymore. Rest assured that if a severe enough bug is found in Apache 1.3 or 2.0, it WILL be fixed. There's always somebody willing to put in the effort to fix it, and that's all that is needed.

Re:Surly this is just a formality (1)

M. Baranczak (726671) | more than 4 years ago | (#30737910)

Who you calling surly?

And what does this mean exactly? Obviously, no new features for 1.3 and 2.0 - what about bugfixes? They say: "we'll be distributing security updates by other means" - what are these other means?

Re:Surly this is just a formality (5, Informative)

colmmacc (313383) | more than 4 years ago | (#30738288)

As per http://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x/README [apache.org] , the proposal (Full disclosure: I'm colm@apache.org - the proposer), was that we would start distributing security patches via;

    http://www.apache.org/dist/httpd/patches/ [apache.org]

The main point is to reduce the overhead and burden of creating full releases. Releases take a large amount of community involvement and time, and are becoming impractical. The 1.3.x branch does not even build on many modern platforms - for example the configure script is incompatible with dash and there is a getline() function which conflicts with a glibc neologism.

Hope that helps.

Re:Surly this is just a formality (0)

Anonymous Coward | more than 4 years ago | (#30743028)

The 1.3.x branch does not even build on many modern platforms - for example the configure script is incompatible with dash

You appear to have that ass-backwards, surely it is dash that is incompatible with the configure script?

and there is a getline() function which conflicts with a glibc neologism.

How did you manage to mispell "Posix 2008" as "a glibc neologism"? I've been running 1.3.42-dev since .41 was tagged, there were no build issues on my current systems 8? months ago and nothing here that'd take any competent admin longer than 10 minutes to fix. If you can't s/getline/ap_getline/g or #undef __USE_XOPEN2K8 you should advertise for maintainers.

Re:Surly this is just a formality (1)

ircmaxell (1117387) | more than 4 years ago | (#30738026)

Well you have to define the term stable. There's a big difference between "doesn't need new features" and "is bug free" and "has no security issues"... There's also different methods to deal with the deprecation. I'd HATE to see them stop support entirely on those branches simply because there's little activity. So many sites rely on them that upgrading would be a non-trivial act. What I would rather see is a "staged" deprecation. Basically reduce 2.0 and 1.3 to "security and mission critical bug fixes only". That way if a major security issue is found, it can be fixed (same with a major bug, but at this point what's the chance of that)... After a set amount of time in that phase, support would be dropped entirely. So say the security support for a branch lasts 3 years. That way it gives admins a chance to upgrade the software without putting themselves at undue risk...

Just my $0.02...

Re:Surly this is just a formality (1)

Kjella (173770) | more than 4 years ago | (#30738262)

Mostly. But if you found a really, really nasty security bug, does Apache go "OMG we must fix this" and release a vulnerability alert and a new point release even though it's been two years, or do they say that "that one's out of any kind of support, even extended security-only support, go upgrade because we won't even look at it". That is an important cutoff, even though nothing much happens with any product 3+ years after its release.

Netcraft confirms... (2, Funny)

adnonsense (826530) | more than 4 years ago | (#30737596)

...Apache 1.3.x is dying

Re:Netcraft confirms... (4, Insightful)

Sir_Lewk (967686) | more than 4 years ago | (#30737644)

Bizarrely enough, this is actually something netcraft might confirm.

Re:Netcraft confirms... (1)

hardwarefreak (899370) | more than 4 years ago | (#30752800)

...Apache 1.3.x is dying

Has been for a looong time. Thus, I switched to Lighttpd. Apache2 is too bloated for me, sucks too much memory by default, and is too difficult to configure for small simple sites (last I tried anyway, which was a looong time ago).

about time (0)

Anonymous Coward | more than 4 years ago | (#30737608)

Time to upgrade, this isn't 1995 anymore.

Re:about time (3, Informative)

chrysalis (50680) | more than 4 years ago | (#30737724)

Right. Upgrade to a modern HTTP server like Nginx http://www.nginx.net/ [nginx.net] or Lighttpd, you won't regret it.

And if for some reason you really need Apache 1.3.x, this code is maintained by OpenBSD and an enhanced version is shipped with the OS.

Re:about time (2, Interesting)

Richard_at_work (517087) | more than 4 years ago | (#30737992)

I looked into using Nginx earlier last year for reverse proxy and load balancing, and I have to say that I abandoned it due to the poor documentation - it was insanely hard to get any actual information on settings and configuration beyond sample rules.

Re:about time (4, Interesting)

TheRaven64 (641858) | more than 4 years ago | (#30738200)

I found the Lighttpd documentation quite good. It was certainly easier to set up (for me) than Apache. The simple vhosts mechanism is great; just create a new directory (or symlink) for each vhost. No need to edit the configuration files.

Re:about time (1)

chrysalis (50680) | more than 4 years ago | (#30743024)

Either it is a joke, or it was ages ago.

Nginx has a completely decent documentation: http://wiki.nginx.org/Main [nginx.org]

And some tutorials to begin with: http://nginx.org/en/docs/http/request_processing.html [nginx.org] - http://nginx.org/en/docs/http/server_names.html [nginx.org] - http://nginx.org/en/docs/http/configuring_https_servers.html [nginx.org]

Re:about time (1)

inKubus (199753) | more than 4 years ago | (#30747864)

Either it is a joke, or it was ages ago.

Or maybe he just didn't remember to think IN RUSSIAN.

Re:about time (0)

xmff (1489321) | more than 4 years ago | (#30738714)

The problem is that nginx does not support IPv6 which is kind if sad for a "modern" HTTP server. Also both nginx and lighttpd do not support mod_dav_svn as far as I know, apart from that both projects are pretty decent.

Re:about time (1, Informative)

Anonymous Coward | more than 4 years ago | (#30738922)

The problem is that nginx does not support IPv6 which is kind if sad for a "modern" HTTP server.

Not sure what universe in which you reside, but in this one nginx has supported IPv6 since 0.7.36, released in 21 Feb 2009.
Sauce: http://nginx.net/CHANGES-0.7

Re:about time (0)

Anonymous Coward | more than 4 years ago | (#30739386)

Or if you're not a pretentious idiot you can just upgrade to 2.2. peace.

Re:about time (1)

carlhaagen (1021273) | more than 4 years ago | (#30739514)

I spent one whole year with Lighttpd - and never again will I go back. It "gets the job done", no doubts there, but in terms of managability and ease/versatility of configuration, it just cannot compare itself with Apache.

Re:about time (1)

cstdenis (1118589) | more than 4 years ago | (#30741154)

That's all well and good 'till one of your clients wants to use a .htaccess file.

I make some use Nginx for my own sites on my own dedicated servers (and it works great for that), but for my shared web hosting clients, I need to use Apache because all kinds of common software like CMS systems want to use .htaccess files, and Nginx doesn't support that.

If the Nginx project wants to take a good share of the shared hosting market, they are going to need to come up with support for .htaccess files, and the Apache config directives they contain.

go for it (3, Insightful)

resfilter (960880) | more than 4 years ago | (#30737620)

of course, tons of servers still run the 1.3 and 2.0 branches

these people don't care if they're in active development - and almost all of them are running them because upgrading isn't worth it for their application.

all these people care about are security patches. as long as that keeps happening, depreciate them all you want

it's just like people running 2.2.x kernels on high uptime servers. they don't want new features - if they were willing to install a new version of something every time a new feature came out, they'd be running 2.6.x now anyway. but they'll keep using it as long as reliability and security fixes keep rolling out.

Re:go for it (4, Interesting)

garcia (6573) | more than 4 years ago | (#30738214)

almost all of them are running them because upgrading isn't worth it for their application.

Or because the new configuration scheme is not backwards compatible and the time required to get up to speed on the new config is too much of a hassle. There should have been some sort of 1.3->2.0->2.2 configuration updater. If there is and I'm just blind please point in the general direction :)

Re:go for it (1)

dingman (126949) | more than 4 years ago | (#30738336)

2.0 is still supported in several Linux distros, including Red Hat Enterprise Linux 4, which is still in support. If you truly need 2.0.x, Red Hat (and I assume other distro maintainers) can be expected to continue providing basic security fix updates to the 2.0 series as long as RHEL4 is still in support. I don't see much reason to expect an upstream project like Apache.org to do that.

[Yes, I work for Red Hat. But I only represent myself, not my employer nor my colleagues.]

Re:go for it (1)

Eil (82413) | more than 4 years ago | (#30745316)

of course, tons of servers still run the 1.3 and 2.0 branches

these people don't care if they're in active development - and almost all of them are running them because upgrading isn't worth it for their application.

I'm going to go out on a limb here and say the real reason they don't upgrade is because they don't know which version of Apache they're using, and/or don't care.

I work for a web hosting company and lots of our customers are still running 1.3 and 2.0 because that's what they were originally set up with. If we asked them to upgrade to 2.2, almost all of them would say, "What for? My site runs perfectly fine, don't touch it." As a courtesy, we offer to migrate our customers' data from their old web host if they sign up with us, and a lot of our competitors are really fly-by-night operations running a stock version of cPanel from 5 years ago. Working in web hosting, you come to realize that for every web site maintained by a competent administrator, there are 100 more that are just slapped on a server by some Dreamweaver amateur and not touched for years.

Security Patches (2, Interesting)

TheNinjaroach (878876) | more than 4 years ago | (#30737626)

What kind of impact will this have on security patches for remaining security flaws (if any) for 1.3 and 2.0? TFA states that security updates would be provided by "some other means" but I'm not sure what those are.

Re:Security Patches (1)

zwei2stein (782480) | more than 4 years ago | (#30737740)

It is opensource project, anyone and everyone, especially businesses that use that software, is candidate for those "other means". That is kind of OS gimmick.

Re:Security Patches (1)

MBGMorden (803437) | more than 4 years ago | (#30738090)

It's not really a "gimmick". It usually does work out that way.

Apache can drop official support for them, but the reality is if some major security vulnerability comes out SOMEBODY will probably find it worth their time to go fix it. Given the way the OSS community works, those somebodies usually don't mind distributing their patch.

So while the Apache Foundation won't necessarily have a team working on it, you can bet that you'll probably still get security patches for it as long as there's interest (and if you don't - you have the source. How about fix it yourself and pass the patch along? :)).

While there are certainly SOME things that I've noticed proprietary companies do better (mostly games), open source certainly does have it's advantages.

Re:Security Patches (1)

onebuttonmouse (733011) | more than 4 years ago | (#30741882)

OpenBSD still won't include 2.0 or 2.2 in the distribution because the licence is not acceptable to them. I imagine they will continue take an interest in the 1.3 branch.

You can not kill FOSS! (2, Insightful)

LWATCDR (28044) | more than 4 years ago | (#30737672)

All kidding aside anybody with the skills and resources can now take over 1.3 and keep updating it. You can not really EOL a FOSS program if anybody wants to keep it alive. That being said there are other light weight web servers that can do what people are using 1.3 for. Now Apache 2.0 may be a bit harder to replace since the migration isn't automatic from what I hear.

Can Too (1)

fm6 (162816) | more than 4 years ago | (#30741958)

anybody with the skills and resources can now take over 1.3 and keep updating it.

And who, exactly, has these resources? This is not something a few hackers can take over and keep maintaining in their spare time. A project this size needs project management, QA resources, bandwidth, and a lot of developer hours.

Apache has done well because it has a robust well-funded organization behind it. That organization exists because a lot of people need Apache to prosper in order to prosper themselves. Yeah, if some of these supporters want to keep 1.3 alive, they can start a new organization for that purpose. But they won't, because it would cost big bucks, and there's no business model to make it worth their while.

All significant OS projects work this way. The common notion that a big software project is alive as long as the source code is available is laughable to anybody who's actually participated in such a project.

Re:Can Too (1)

LWATCDR (28044) | more than 4 years ago | (#30742294)

"And who, exactly, has these resources?"
IBM, Google, Intel, a large ISP, or a major university.
That is why I said talent and resources, you are completely correct that it can die but not if enough users or powerful enough users want to keep it alive. You could also just keep it as is and just keep adding security patches which would take a lot few resources than active development.
And I really should have clarified that resources part. I was thinking of somebody like say RedHat, Novell, or IBM when I made that statment.

Re:Can Too (1)

fm6 (162816) | more than 4 years ago | (#30745074)

You forgot to mention Donald Trump.

In addition to the resources, you have to have a sane business case for expanding them. I believe I mentioned that.

Re:You can not kill FOSS! (1)

zekele2 (1556449) | more than 4 years ago | (#30746374)

All kidding aside anybody with the skills and resources can now take over 1.3 and keep updating it. You can not really EOL a FOSS program if anybody wants to keep it alive.

OpenBSD's forked version of Apache 1.3.29 already fulfills this role.

Putting closure on a software project is important (5, Interesting)

MaraDNS (1629201) | more than 4 years ago | (#30737960)

Putting closure on a software product is important.

Professional software usually has an EOL schedule. For example, RedHat Enterprise Linux and Windows XP both have EOLs for early 2014. This allows people using the software to plan upgrades and know when they need to be making a transition.

This is equally as important for open-source software. It looks really bad when this is not done. For example, Dan Bernstein's DjbDNS software package has three unpatched security holes [maradns.org]. People using this software have to know about these holes and apply third-party patches.

In addition, when the maker of an open-source program says "OK, I'm done with this program.", it allows maintainers to step forward and take over the project. For example, when I announced I would no longer work on a Doom random map generator [blogspot.com] I had been hacking on for a while, someone expressed interest in maintaining the software, and subsequent updates have since been done [blogspot.com].

I think the Apache foundation should either say "OK, we'll still fix security bugs on this program" or "We're no longer maintaining this release". This way, the users of these programs know whether to upgrade, form their own group applying security patches, or just know they're OK from a security prospective if they're current.

I have blogged about putting closure on open-source projects [blogspot.com] and have well defined EOL dates for older releases of my own MaraDNS [maradns.org].

A lot of open-source projects just languish when the developers lose interest; I feel this is irresponsible and feel EOL dates and putting closure is important.

Re:Putting closure on a software project is import (1)

rubycodez (864176) | more than 4 years ago | (#30741994)

wrong, it is irresponsible of *YOU* to use software which is not activity patched and maintained. Pretty easy to not commit that sin if you stay with high-level distro's maintained packages. But otherwise it's on your head. No one has to maintain software you like just because you wish they would.

Re:Putting closure on a software project is import (1)

tyrione (134248) | more than 4 years ago | (#30743892)

High-level distros EOL software all the time, based upon the project's design goals. They maintain builds, they do not develop the solution. Clearly, Debian has 5 levels of distribution structure and anyone running a 2.2 kernel Debian knew long ago that it was not going to be actively maintained whereas the 2.6.current branch is obviously being patched and changes moved upstream to the Kernel trunk.

About time (2, Insightful)

ironicsky (569792) | more than 4 years ago | (#30738018)

Supporting Apache 1.3 is like Microsoft supporting Windows 98. Apache 1.x is almost 15 years and Apache 2.x has been out for 10 years. People have had plenty of time to upgrade. It's time to move on.

Re:About time (0)

Anonymous Coward | more than 4 years ago | (#30738890)

Why would you upgrade something that works? Apache 1.3 is 15 years old and still in active use for a reason. "Support" is not that reason.

Re:About time (0)

Anonymous Coward | more than 4 years ago | (#30740170)

Yes, and supporting x86 is a branch of computer-necrophilia. So what?

From someone with only cursory knowledge (0)

Anonymous Coward | more than 4 years ago | (#30738314)

how does the statement "We will stop releasing new versions of version 1.3 and 2.0 and continue to release new versions of version 2.2" make sense?

Have we abandoned the straightforward Arrow of Versionity?

What for? (0)

Anonymous Coward | more than 4 years ago | (#30738380)

Apache 2.x has never been a credible replacement for Apache 1.3 unless you happen to be using Microsoft Windows. Apache 1.3 is stable and does what people want, how difficult is it to maintain really? Are Microsoft paying the Apache Foundation, or are they just about to surrender the web server market on a voluntary basis? It'll take me a few weeks to upgrade every server and port rewrite rules to nginx, or we can easily maintain a fork of 1.3.

*shrug*

I would like to see 1.3 stay (1)

carlhaagen (1021273) | more than 4 years ago | (#30738532)

I make thorough use of it on many platforms, for the reasons that it has a notably smaller memory footprint, runs swifter, and is a bit more manageable than both of the 2.x branches. I recognize the extended, native feature set of the 2.x branches; but I simply don't need any of them; they are not apt replacements for what 1.3 offers. I also recognize the problem with the 1.3 branch not quite receiving the attention it could do with regarding updates (although 1.3.41 has no known security issues at the moment), but I still prefer 1.3 over the 2.x branches. Eventually stagnation of 1.3 will force me to move to 2.2, but I will wait patiently. THTTPD is not a good substitute today.

Re:I would like to see 1.3 stay (2, Insightful)

lofoforabr (751004) | more than 4 years ago | (#30739578)

Although 1.3 certainly has a smaller memory footprint without some features I don't need, I usually try to get the best from both worlds. For my applications, I normally use the latest apache, and leverage its memory usage by using any of the following:

  • Offloading static content to a lighter web server, like lighttpd;
  • Using a cache layer in the application itself, to avoid high memory consumption (in PHP or whatever language);
  • Getting a reverse proxy in front of all of it (squid does a remarkable job).

Not all of them are required in every application, but if it starts to grow, staying with just apache isn't normally a good solution.

You might look at Varnish (0)

Anonymous Coward | more than 4 years ago | (#30740746)

If you have to do a lot of reverse proxying then you might want to check out Varnish [linpro.no]. It performs much better than squid, but it only works for reverse-proxy.

Is Solaris shipping 2.2 yet? (1)

Geeky (90998) | more than 4 years ago | (#30739378)

The last install I did of Solaris 10 included Apache 2.0 (.58, IIRC), so there are still new installations going in with 2.0. Since Sun started shipping Apache with the OS, we tend to use it rather than create our own packages or use the Sun freeware versions - theoretically, Sun will support the OS supplied version (never needed support on it, so couldn't say).

  I believe the cooltools versions use 2.2, but not sure if the latest 10 releases include it as standard.

Our production estate includes everything from 1.3 up.

Fully backwards compatible, or dead end. (0)

unity100 (970058) | more than 4 years ago | (#30739384)

sorry.

im in web hosting and web development business, and i can easily say that majority of the web still runs on 1.3. innumerable scripts, modules, software were coded for 1.3, and there are innumerable websites that still need those stuff. even the clients which start with newer versions are sometimes having to go back to 1.3 because they need some module or software that is uncommon but vital in their line of business.

'obsolete','old','development ceased','not supported' etc do not count. this is about business. small businesses and individuals, who constitute the majority of the web dont have the funds or time to get all their setups ported to a wholly new webserver. they just wont. because they cant. its just like the xp -> vista -> 7 thing, but much more serious in that, they dont have the funds or possibility to upgrade by themselves.

2.0 didnt get hold at all in the broad web. there are 'edgy' people using it, and edgy web hosts offering it, but majority of the hosts just offer 1.3 because of the software support for it. just like windows and its broad software support base.

this is a practical issue. people wont just roll over to 2.0 or 2.2 just because smart programmers made them, and they work better. there are more pragmatic issues at stake here. if you dont take backwards compatibility into FULL account, people wont use your new version and just go with the old. as long as there are charitable people (in or outside the apache developer base) that fixes any security issues that are found out, they will just stay on 1.3. this WONT be good for either apache, or open source software in general.

i implore you, please do not be elitist or self righteous and try to force anything on the people. for, this is 'the people', leave aside not liking being forced (and hating self righteous behavior), this time they dont have the means and resources to do what they are forced either.

remember, software didnt build the web - people did it.

Re:Fully backwards compatible, or dead end. (1, Funny)

Anonymous Coward | more than 4 years ago | (#30739904)

So, do all people in "web development business" lack the SHIFT key or just you?

Re:Fully backwards compatible, or dead end. (0)

Anonymous Coward | more than 4 years ago | (#30740050)

Maybe he just likes Mark Twain:
http://www.mantex.co.uk/samples/spell.htm

Re:Fully backwards compatible, or dead end. (1)

T-Ranger (10520) | more than 4 years ago | (#30741206)

I was going to say. Yeah, you do have bigger issues then upgrading your webserver software... Like replacing your broken keyboard.

Re:Fully backwards compatible, or dead end. (4, Insightful)

shutdown -p now (807394) | more than 4 years ago | (#30740596)

There's no way I can subscribe to the notion that Apache developers (or anyone, really) has an ethical obligation to keep maintaining a 10 year old codebase with any kind of implied guarantee. If there was a contract in place requiring that, then sure; but there isn't such a thing here.

Any people using Apache 1.3 should have really see this coming, and there's absolutely no excuse not to. It's the standard way of doing things in this industry, and if anything, the term was already waaay longer than is common.

Furthermore, the options are also fairly obvious:

1. Upgrade your environment to 2.2 (or pay someone to do so for you and accept responsibility).

2. Keep maintaining 1.3 on your own (or pay someone to do so for you and accept responsibility).

3. Migrate to a different server (or pay... you get the idea).

Now you also say that:

they dont have the funds or possibility to upgrade by themselves

to which I can only reply, "too bad, they should have engaged their brains at some point in the past - they had 10 years to do so". If they're screwed, they have absolutely no-one to blame by themselves.

Of course, in reality, when they realize that the FOSS white knight in shining armor won't save their ass by keeping to provide them quality software for free this time, you can bet the funds will suddenly be found. Furthermore, I suspect that vast majority of those people would actually go with option #1, and just upgrade to 2.2 (and also learn their lesson to keep up with the update curve to a reasonable extent to minimize "late upgrade" expenses).

Or maybe, if there are really that many 1.3 users who absolutely won't move to 2.2, and each one has so little money they can't pay anyone to get them to move to anything else, either (where are they hosting? in the basement?), then, well, the beauty of FOSS is that they can also come together, form some sort of non-profit funded by all of them - with minimal amount of contribution from each - that would hire people to fork and maintain 1.3 for the benefit of all.

Or maybe they can just donate to OpenBSD.

In any case, if people "don't have the means or resources" (which ultimately means "money") to do their business, then they shouldn't stay in that business - it really is as simple as that.

well excuse me, but all of your points are void. (1)

unity100 (970058) | more than 4 years ago | (#30749624)

the obligation is not ethical. its practical.

logical words, rationalizations, and even being right wont change the matter.

the success of a project, and ultimately open source depends on people using it. if the people and businesses using it are left out in the cold like piles of crap, by a major project, even only once, the opinion against open source will change. and the masses which were using that software will switch to other providers. very probably closed source proprietory software, because at least the companies will seem more reliable than open source by that point.

this, that or those do not matter. this is a matter of pragmatism and practicality. it doesnt matter zit whether you are right in ANY of your points. this is a matter of brutal pragmatism. if you fail them, masses will leave you. and you can only shove your project up hobbyists' asses at that point.

this is the mechanic which made microsoft come out far ahead of other competitors in early 90s. masses' usage. lose it, you lose everything.

its sad to see a lot of self-righteous and elitist responses being posted to grandparent. it shows how remote from brutal reality some of you people are. however it was not unexpected.

Re:Fully backwards compatible, or dead end. (1)

Improv (2467) | more than 4 years ago | (#30742416)

How many years do you expect 1.x to be supported? 2.x is a bit over 8 years old right now, and as OP notes, it might not run on modern OSs. At some point, people will have to make the change (staying still is for the Amish - not everyone needs to be an early adopter, but doing anything on 1.x is getting very curmudgeonly at this point. You're not going to see a lot of support for ancient software in open *or* closed source environments.

Also, you're not the people if you're thinking this way, you're a business. Like in all business, someday your business model will need to be revised or will become obsolete as technology shifts happen. It's a basic fact of life - we may want things to be reasonable when you're reasonable (even if you're on the conservative end of reasonable), offering reasonably long support, but it will not last forever. Eventually you look around and find you're the last buggy on the road, surrounded by cars.

Re:Fully backwards compatible, or dead end. (1)

unity100 (970058) | more than 4 years ago | (#30749640)

small businesses do not have the funds or time to make any kind of migration. this is a matter of life and death for many. 'necessities' of business, or 'technology' do not make any difference in such a situation. especially during a global crisis.

Re:Fully backwards compatible, or dead end. (1)

Improv (2467) | more than 4 years ago | (#30754266)

Then they will die. The world is not going to stand still for them. Customers arn't going to keep wanting Apache 1.x. OS's will stop supporting it. They won't be able to keep it secure if they stay behind on old OS's, and eventually won't be able to replace hardware when it wears out because such an old OS won't run on it. Changing tax codes might cause their frozen-in-time accountant's head to burst. Changing legal requirements might cause these in-a-rut businesses to fall apart.

Businesses that are so easily broken are like a soap bubble - if they can't even be bothered to deal with reality as it changes around them, there's no hope and any success they have will be fleeting.

Re:Fully backwards compatible, or dead end. (0)

Anonymous Coward | more than 4 years ago | (#30743198)

im in web hosting and web development business, and i can easily say that majority of the web still runs on 1.3.

I'm not sure if you are in the ghetto end of the web hosting business or what, but 1.3 hasn't been in the norm in years. In the real world of webhosting, we can afford keyboards with a working shift key too. Tool.

Number 1! (1)

fm6 (162816) | more than 4 years ago | (#30741492)

The Apache HTTP server project is one of the most successful and popular open source projects

One of them? Is there any other OS project that even comes close to Apache's impact?

Re:Number 1! (1)

tyrione (134248) | more than 4 years ago | (#30743918)

From a few comments you'd think nginx and lighttpd are eating it's lunch. Let's face it, Apache wants to move onto the 3.0 future.

Re:Number 1! (1)

fm6 (162816) | more than 4 years ago | (#30745122)

Apples and oranges, really. Lightweight http servers just don't serve the same users as Apache.

What about my httpd v1.0 pre-alpha? (0)

Anonymous Coward | more than 4 years ago | (#30741578)

I'm still using httpd v1.0 pre-alpha -- are you telling me I'm not going to get future updates now?
 
// but seriously, I migrated my servers from 1.3 to 2.0 and then to 2.2 and it's no biggy. In fact, it gets better when you migrate up.

Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...