On 03.03.2018 18:46, Philip Martin wrote: > Branko Čibej <br...@apache.org> writes: > >> So if I understand this debate correctly: The authz code is so much >> faster now that parsing the authz file and performing the authz lookups >> beats calculating its MD5 checksum? > More that reading/checksumming is still too slow to be done repeatedly. > > 1.9 reads the file once, per connection, and then does authz lookups on > lots of paths. The authz rules are fixed for the duration of the > connection. > > 1.10 was reading and performing the checksum repeatedly as well as doing > the authz lookups on lots of paths. The authz rules can change during > the connection lifetime. The authz lookups are faster than 1.9 but not > enough to offset the repeated reading/checksumming. > > 1.11 goes back to reading the file once, and still does the same authz > lookups. The authz rules once again remain fixed for the duration of > the connection.
Yes, I see the backport proposal now. Makes sense. In other words ... if we wanted to make authz changes have immediate effect, we'd need a better (faster, or at least non-blocking) way to determine that the rules changed than reading the authz file, even if just to verify its hash without actually parsing it. But that can be done properly at a later date without causing a regression relative to 1.9 behaviour. -- Brane P.S.: Running tests now with the patched 1.10.x, will vote on the backport as soon as that's done. If it's approved, I believe we have to move our expected release date from 28th March to 4th April?
