[squid-users] security_file_certgen I/O

Alex Rousskov rousskov at measurement-factory.com
Thu Dec 2 16:15:15 UTC 2021


On 12/1/21 9:06 PM, Amos Jeffries wrote:

> The "file" in the helper name means one file per object, which is quite
> crude type of storage but very easy to implement as a proof of concept
> helper.
> 
> As Alex mentioned there are a lot of optimizations that can still be
> made (and bugs to fix) with the current helper code - and still not be
> best possible performance still due to the "file" nature of storage and
> relatively slow nature of disk I/O.
> 
> Improvements here and/or new helper implementations with better forms of
> storage are welcome.

I agree regarding generally useful improvements being welcomed.

I disagree regarding alternative implementations: The Project does not
have enough resources to properly support one implementation, so adding
another one does not sound like the best move at this time. Needless to
say, such unofficial alternatives can happily exist outside the Project,
where we do not have to support/maintain them. If somebody wants to
develop a second official certificate generator despite these concerns,
they should start with an RFC on squid-dev (rather than spending
resources on that at-risk-of-being-rejected development).


Cheers,

Alex.


More information about the squid-users mailing list