In this issue

Mailing list traffic over the last few weeks was dominated by two long threads discussing the state of Apache development and of the development community in general. Stas Bekman began the first thread, pointing out the noticeable drop in volume of list traffic over the last 18 months, and suggested several reasons why the pace of development might be slowing down. The second thread then went on to discuss the 1.3/2.0 split, and whether integration of substantial new features for 1.3 should be encouraged. There were many differing opinions on these topics, and even a few differing micro-benchmarks comparing 1.3 and 2.0.

One concrete result of the discussions was an audit of the bug database by Jeff Trawick, ensuring that all bug reports which included patches are marked with the "PatchAvailable" keyword: these can now be viewed in a single query.

The fix for a mod_usertrack bug (BZ#16661) which was included in the recent 1.3.29 and 2.0.48 releases caused an unforeseen regression when CookieTracking On is used without a CookieName directive. The workaround is to add CookieName Apache to the configuration; the new bug is being tracked as BZ#24483.

Aaron Bannert made some test tarballs for a first release from the "unstable" 2.1 tree available for download; the most significant changes in the 2.1 tree which have not been backported to 2.0 are the rewrites of mod_include and the authentication modules. PHP users might be interested to try out the second beta of PHP 5 which was released earlier this month: PHP 5.0.0 beta 2.

ApacheCon 2003 has been over for a couple of weeks; this year we decided that we were going to relax in Las Vegas rather than spend all our free time writing up the conference for Apache Week. We can easily get away with it as the conference was widely covered by a number of attendees and speakers who wrote up their thoughts about the conference in all manner of blogs. And amazingly, for blogs, some of them have useful insights:

Conference committee member, Ken Coar, has a detailed account of his days as well as a huge selection of photos. Yes, there really was a Klingon female at the opening reception.

One of the best overviews of the conference was written by Doug Daulton who leads us through the talks he attended with a summary of Day 1, Day 2, Day 3, and Day 4.

Rod Chavez also gives a comprehensive overview of a number of talks he attended including the keynotes and sponsored sessions. One of the keynotes was by Doc Searles, who has his ApacheCon presentation and keynote online.

At Apache Week we tend to focus on the Apache web server and less on the other ASF technologies that are available. Andrew Oliver blogs his way through some of the Java projects and questions the purpose of the ASF's J2EE project, Geronimo. Mr Oliver must have made some enemies as Sam Ruby reports on an aborted plan to push him into the hotel swimming pool. On a more useful note, ASF documentation guru Rich Bowen adds some insight into the closing panel where the Pet Store web site demonstration was given by the Geronimo team.

Also of note, Adam Trachtenberg gives an overview from some of the Perl and PHP talks and Brandt Kurowski mentions the painfully slow closing raffle.

Not everyone was happy with the conference, as Todd Bishop wrote in the Microsoft blog when he found another attendee who was bored with ApacheCon. With nearly four hundred registrations it's quite unsurprising that there will be a few people with some complaints. All the attendees Apache Week spoke to were more than impressed by the presentations which were given by the guys behind the technology, not marketing staff. ApacheCon continues to be the main Apache event where Apache developers and users to come together and discuss everyone's favourite software.

Also at ApacheCon, the Apache Software Foundation announced that they had become one of the first official open-source licensees for the J2EE certification test kit. More news on this exciting development is available from IT News and ZDNet.

In this section we highlight some of the articles on the web that are of interest to Apache users.

One module which got a lot of attention at ApacheCon was mod_security, a third-party module which can log and block suspicious requests. O'Reilly take a look at how this module can be used in "Introducing mod_security".

Rich Bowen starts documenting A Day in the Life of #Apache, whilst helping users with their support problems on irc.