On 13/03/2024 14:38, Rémy Maucherat wrote:
<ch...@christopherschultz.net> wrote:
<snip/>
1. A longer default nag-duration
That's a good start. If it is meant to be enabled by default, I would
like a value that is long enough so that it is almost certain there's
an issue. 2 years?
Rémy
2. Add an explicit "disable" (e.g. -1)
I was thinking yes to this and setting it to -1 by default.
3. Disable the feature by default
4. Remove this feature entirely
The target for this was really 8.5 which will immediately go
out-of-support once 8.5.100 is released. So really the default for
8.5.100 should be "nag immediately", but we can't expect that anybody
really uses the out-of-the-box server.xml without any customizations, so
specifically setting the duration to some small number of days in
server.xml isn't going to have any effect.
The more I think about this the more I wonder if some further tweaks are
required.
This check only runs at startup. There are some (very) long running
Tomcat instances out there. Is on startup enough? Should this check be
periodic? If yes, how periodic? Once a day? Probably whatever frequency
we went for with the TLS reload warnings would be about right.
Mark