Your message dated Sun, 27 Jul 2014 16:34:29 +0000
with message-id <[email protected]>
and subject line Bug#730376: fixed in webfs 1.21+ds1-10
has caused the Debian Bug report #730376,
regarding webfs: Please change the default document root to /var/www/html
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
730376: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730376
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: webfs
Severity: important
User: [email protected]
Usertags: default-doc-root

Hello,

as discussed last year in <[email protected]> [1] I'd now
take the current development cycle to actually change the default
Document Root in Debian's http servers. The reasons are outlined in
the referenced mailing list thread, but once again, in short:

Our webservers set the default document root to /var/www, whereas
site-local administrators tend to use /var/www/example.com. This has
security implications if visitors access the default document root,
bypassing the /supposed/ document root of example.com. That's
problematic if sensitive data is placeѕ outside the supposed
document root (e.g. consider a hypothetical
/var/www/example-com-db.conf configuration file).

The consensus from last year's discussion was to use
/var/www/<something> as a default document root instead, giving users
a parent directory for HTTP ѕervers which is not served to the
public.

Personally I don't care about the actual directory name of
<something>, and /var/www/default would probably be the best choice
to highlight its designed use. However, to minimize the delta to
other distributions I suggest to make the default document root
/var/www/html - which is what Fedora/RHEL/CentOS is using already.

Apache will make this change for the next upload coming up. Please
follow us to have a consistent default document root across
webservers in Debian. 

[1] https://lists.debian.org/debian-devel/2012/04/msg00301.html 

--- End Message ---
--- Begin Message ---
Source: webfs
Source-Version: 1.21+ds1-10

We believe that the bug you reported is fixed in the latest version of
webfs, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mats Erik Andersson <[email protected]> (supplier of updated webfs 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 26 Jul 2014 21:37:53 +0200
Source: webfs
Binary: webfs
Architecture: source amd64
Version: 1.21+ds1-10
Distribution: unstable
Urgency: low
Maintainer: Mats Erik Andersson <[email protected]>
Changed-By: Mats Erik Andersson <[email protected]>
Description:
 webfs      - lightweight HTTP server for static content
Closes: 730376 746159 752302
Changes:
 webfs (1.21+ds1-10) unstable; urgency=low
 .
   * debian/control: Standard-Version 3.9.5.
   * Make libgcrypt a conditional dependency.
     + Solution hint provided by Andreas Metzler.
     + debian/patches/85_conditional_gcrypt.diff: New file.
     + debian/control: Add 'pkg-config' to Build-Depends.
     + Closes: #746159
   * Migrate to recent 'gnutls28'.
     + debian/control: Update to 'libgnutls28-dev' in Build-Depends.
     + Closes: #752302
   * Set default document root to '/var/www/html'.
     + debian/templates: Updated.
     + Closes: #730376
   * Support sendfile() while running GNU/kFreeBSD.
     + debian/patches/82_kfreebsd.diff: New file.
   * Document the option "-~" properly.
     + debian/patches/10_manpage.diff: Updated.
Checksums-Sha1:
 16ec7567e6d6dcc7bc623bf39124e9878c8bcad0 1795 webfs_1.21+ds1-10.dsc
 50c3c163165b11329fb001f550207037f5bd3d7e 55828 webfs_1.21+ds1-10.debian.tar.xz
 6807ea9f92ad0a9670c4a076976736e4b24dbe06 72276 webfs_1.21+ds1-10_amd64.deb
Checksums-Sha256:
 dceefa18cda055686f5c115a86d5b83f528a91ff3f4a7f322042172833d1c8c2 1795 
webfs_1.21+ds1-10.dsc
 e9b0ad37832cd0aa5fa0d8a6c970d3ff1d4c9daa512ca5489c14552043207899 55828 
webfs_1.21+ds1-10.debian.tar.xz
 12a2240deb71e943de6167ea478ee3613c5aac79dfe8e484b4724677705df07a 72276 
webfs_1.21+ds1-10_amd64.deb
Files:
 883baa4584697190f0022371a30f4c29 72276 httpd optional 
webfs_1.21+ds1-10_amd64.deb
 66ddfadea22b5411f60f176165370cea 1795 httpd optional webfs_1.21+ds1-10.dsc
 e5f415b99b899c5cf5355abcb5ae21a3 55828 httpd optional 
webfs_1.21+ds1-10.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJT1SjFAAoJEKbcJNnaJJPRD9IP/R1N/p3wwaLx8MBlIQKPZwsj
/JqgrQ3mcECbLEMoa6Atr6GjyBDJXTgxZTfmmFVAh+wcYEaAf4fJ7HEEtg5pDjLb
E/wrT73Rov/98KL6R575pupvrTuw6Ikfg2ZuIuFE+6FajQHQbQvzfq+jhU6XmCNG
4wbrY+YPUNDlt0tH/7cNlexycD8uBAFEqT3D1JGeLhJxY+2cmetLZsWZbJvp8MQf
HRgiXVNQiYKEMmb3eZkg9/c/nkYAJW54siznIRwruhIUuU9O7uYEt/kZiQ0AFo4v
VMZEr0MsMboi8NSGUCzEUsLgh6mG34nAlmL/FtyPGDx8VS3rZubSn6Q22AK13UqA
HCITf1qmtltZypsLITGDOg8cTHlVv2bx6tD7VC8/7QLGNCXKpUuPGKJDWXq3rnCq
C4rki6eGTy/pP5dNx6/Y3RgY2hI+UeuvhAJVxko1MBMKhVHbym4DK3PphrW0+NwU
oNP+ziYHa+wrdD/BBlBB6ZV6E/w/hdOzKAEh83YSghZq9KxYeIv39/n32zJQECaW
jQ/a7VY3Eny8Efie/JYF/mq4SlUqm/yFV3f21e5Y9VblOIzo+YKAGrQm8iibzLEL
zDC2rXvk5FjTDKQtrXafYQEuR0zCR+BEA9+jYsgE84vCt0McXhhBu3Rmc4COodbM
jmi4bP1ywYiVie36LiQ9
=Ztz5
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to