[squid-dev] RFC Squid-4/5 branching

Amos Jeffries squid3 at treenet.co.nz
Sat Sep 5 19:39:50 UTC 2015 

The end of the year is coming up and I've been planning out the
branching of Squid-4 into beta and Squid-5 the new trunk.

As usual the goal is 1-3 betas and a stable Squid-4 by around Dec/Jan.
Since we have monthly betas that means branching in just 3 weeks at the
end of Sept.

This cycle we have been fortunate enough not to have a long list of
trunk bugs needing fixes. Even managing to take aim at some of the more
difficult Squid-3 ones in the past months.


So what new-feature projects do people have underway that they really,
really want to see included in Squid-4 and think thay can get done in
that kind of timeline?


My list to kick things off is:

* Parser-NG ICAP conversions - ETA now
 - first part in audit already, the followups are small and should not
affect stability.

* external_acl_type logformat conversion - ETA 4-8 weeks
- conversino itself is rather simple. But depends on AccessLogEntry
being available and state initialized. It will take time to check and
fix every async *_access point. Thus the long ETA.
 - it is fully backward-compatible with UI, so can probably be accepted
later in the betas. But not too late.


* TLS config changes - ETA 1-2 weeks
 - this one is about making the squid.conf settings like cacert= / cert=
take multiple values better. Same as was done already for squidclient
command options.
 - this is the final part of libsecurity project UI changes. After this
it should all be background incremental work.


* Makefile dependencies reduction - ETA 1-2 weeks
 - the main shuffling is almost done and ready for audit. The remainder
should not be affecting end users builds.
 - I've put this on the list so it can be over before the betas get
widely built.


For the sake of completeness these are also still underway, but unlikely
to make it for 4.x:

* HTTP/2
 - I would like to get some of the infrastructure changes into 4.x, but
the core protocol changes are still way to incomplete even to test.


* flexible auth_param schemes and re-addition of Kerberos raw-GSSAPI scheme
 - library re-arrangement is worked out. But it is another major change
in auth, which past experience show could mean lots of testing yet to
happen.
 - I'm actually inclined to defer work until after branching then target
it at 5.x now.
 - while this wasy underway Digest and Basic auth had new RFCs issued.
So there may be new compliance changes complicating things in the near
future.


Cheers
Amos

More information about the squid-dev mailing list