Package: php5-common
Version: 5.4.0-3
Severity: normal
The file installed as /etc/php5/apache2/php.ini contains:
;;;;;;;;;;;;;;;;;;;
; About this file ;
;;;;;;;;;;;;;;;;;;;
; PHP comes packaged with two INI files. One that is recommended to be
used
; in production environments and one that is recommended to be used in
; development environments.
; php.ini-production contains settings which hold security,
performance and
; best practices at its core. But please be aware, these settings may
break
; compatibility with older or less security conscience applications. We
; recommending using the production ini in production and testing
environments.
; php.ini-development is very similar to its production variant,
except it's
; much more verbose when it comes to errors. We recommending using the
; development version only in development environments as errors shown to
; application users can inadvertently leak otherwise secure information.
php.ini-production is shipped as /usr/share/php5/php.ini-production
php.ini-development is shipped as
/usr/share/doc/php5-common/examples/php.ini-development (oddly, in a
different directory).
But "php.ini-nothing" is apparently neither php.ini-production
nor php.ini-development. For example, the default php.ini contains:
; This directive determines whether or not PHP will recognize code between
; <? and ?> tags as PHP source which should be processed as such. It's
been
; recommended for several years that you not use the short tag "short
cut" and
; instead to use the full <?php and ?> tag combination. With the wide
spread use
; of XML and use of these tags by other languages, the server can
become easily
; confused and end up parsing the wrong code in the wrong context. But
because
; this short cut has been a feature for such a long time, it's
currently still
; supported for backwards compatibility, but we recommend you don't
use them.
; Default Value: On
; Development Value: Off
; Production Value: Off
; http://php.net/short-open-tag
short_open_tag = On
The php.ini is full of such examples, where the development and
production values are identical, yet different from the default value
(another example is output_buffering).
That leaves users wondering what is /etc/php5/apache2/php.ini and, if
it's not recommended in production nor in testing or development, where
it *is* recommended.
It would help to avoid splitting these files in 3 directories and to
mention their path in /etc/php5/apache2/php.ini
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org