Zed A. Shaw
zedshaw at zedshaw.com
Thu Nov 22 02:42:12 EST 2007
On Wed, 21 Nov 2007 12:45:01 -0800
Ezra Zygmuntowicz <ezmobius at gmail.com> wrote:
> Yeah I ported evented mongrel to run on packet> it does run and is
> faster than threaded mongrel, not quite as fast as event machine
> evented mongrel.
> The one problem is that the first request after server boot hangs but
> then all requests after that are fine. I will continue some more work
> on this. I think it would be nice to provide this as official mongrel
> *opt in* functionality once it's all worked out.
There's several problems with Packet's code, which I outlined for Evan over IRC earlier today:
1) It has EM code in it with the same GPL boilerplate. No GPL allowed as that will infect it with the viral license and open the door to malicious legal actions.
2) You rewind the data stream in your mongrel code while the parser can handle incremental parsing.
3) There's several places where the code takes input from userland and embeds it in either an unpack or a regex thus allowing for userland format string attacks.
4) There's quite a lot of dubious stuff going on, like using activesupport, adding weird class attribute accessors via class eval, and just other bad code all around.
That's just in about 10 minutes of browsing the source. If I can find that much wrong with it that quick, then it still needs lots of work. First and foremost is the GPL though. It's a no-go if it has viral licensing and just borrows code from other projects that has GPL.
Zed A. Shaw
- Hate: http://savingtheinternetwithhate.com/
- Good: http://www.zedshaw.com/
- Evil: http://yearofevil.com/
More information about the Mongrel-users