In or Out [part 2]
One event that prompts this reflection is Helmut Tessarek’s recent announcement of mod_auth(nz)?_ibmdb2, which he developed as a third-party addon. From the description, it looks good: the module has seriously useful capabilities like cacheing database lookups, and he’s included a set of useful-looking admin tools.
The announcement prompted this discussion, the crux of which can be summarised as:
- Him: Here’s this new module with a great feature set
- Me: Nice, but it would have been even nicer within the DBD framework, with benefits for both you (DBD architecture’s efficiencies) and us (rich implementation and nice utilities).
- Him: Agreed. But the module needs features that aren’t supported in Apache’s DBD framework.
This is IMHO a classic case where it would be of great benefit for him to participate directly in the developer community, and I’ve suggested he does so if he has more time to continue this work.
First, if he discusses with us how the DBD framework fails to meet his needs, we can then consider whether this merits changes to DBD. The worst outcome is that we can’t reasonably do that, and it’s back to square one.
Second, it would be great if the cacheing and the utilities could apply equally all authnz backends, according to each sysop’s needs. Or, at the very least, to other SQL-driven backends.
Third, and much less importantly, the cache’s backend might have generalised using apr_dbm.
So, his kitchen-sink authnz module, which is great in the old style of Apache 1.x and 2.0, would instead have been modularised to:
- A review of DBD
- A DB2 driver for DBD
- A general-purpose authnz cacheing module.
- A set of general-purpose utilities.
The volume of code and the work required to implement it should be substantially the same. It’s just taking best advantage of the Apache 2.2 architecture, and at the same time making a great new contribution! A strong case for better in than out, in my view!
So, what can we identify here that makes it better in than out? I think the key point is that it interacts with the “bleeding edge”: namely, the DBD framework and the authnz framework, both of which are new in Apache 2.2. In doing so, it may tread paths that are firmly on the core developers wishlists, and offer valuable insights.