Package: php-common Version: 5.4.4-14+deb7u2 Severity: important
Hi. Marking this as important, as it might have even security implications (e.g. when a module was intentionally. btw: I just thought I'd have reported this before, but couldn't find it in the open bugs... so please don't be annoyed if it's a duplicate ;) We have this nice mechanisms of module config files symlinked in: /etc/php5/conf.d/ (and also, well at least per default, the SAPI dirs which contains symlinks to l /etc/php5/conf.d as well). People may use different PHP configs for different PHP programs, e.g. via setting PHP_INI_SCAN_DIR. So they may want to enable some modules only in these locations, e.g. because they know they'll be anyway only used from SSL client auth secured connections... Therefore... a) I generally think, that modules shouldn't be auto-enabled there (I mean even on the first install). You have the nice php5dismod/php5enmod and everyone should be able to call them if he wants to. b) If one has removed such a symlink... (either by php5dismod or manually by rm)... it should NOT be auto-recreated on package upgrade... especially as this happens without any notice. Admittedly I'm not sure how to actually do (b) as these are not conffiles... but (a) would solve (b) as well ;-) Cheers, Chris. -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
