This one time, at band camp, sean finney said:
> hi,
>
> On Wed, May 03, 2006 at 03:02:49PM +0200, Alexis Sukrieh wrote:
> > W: bugzilla: file-in-usr-lib-cgi-bin usr/lib/cgi-bin/bugzilla/
> > N:
> > N: Packages shipping web server CGI files should install them in
> > N: /usr/lib/cgi-lib, not in /usr/lib/cgi-bin. This is done to avoid
> > N: conflicts with the cgi-bin script alias, which is reserved for the
> > N: local use of webmasters. Web servers should include /cgi-lib/ as a
> > N: standard ScriptAlias pointing to that directory.
>
> this is a surprising change. guess that's what i get for not being
> subscribed to -policy :)
>
> first, i don't really see what the merit is of moving files from
> /usr/lib/cgi-bin to /usr/lib/cgi-lib.

This is, IMHO, a very awkward, to say the least, change. There are
currently at a rough guess:
[EMAIL PROTECTED]:~$ apt-file search cgi-bin | awk -F: '{print $1}' | sort -u | wc -l
135
more than a few packages using cgi-bin. Most of the httpds Debian ships
are not trivially modifiable (no run parts directories like the
apaches). And the benefit is, what? Web developers can write
unhindered to /usr/lib? Sorry?
It seems that more and more 'cgi' programs are moving away from using
cgi-bin anyway, and that as time goes on, this will be a non-issue. I
know that certainly as a policy decision at most sites I administer, I
disable direct access to /usr/lib/cgi-bin, precisely because I don't
like newly installed but unconfigured packages being web accessible.
So, we now have 135 RC bugs, plus one more for each noncompliant httpd.
Oh, well.
--
-----------------------------------------------------------------
| ,''`. Stephen Gran |
| : :' : [EMAIL PROTECTED] |
| `. `' Debian user, admin, and developer |
| `- http://www.debian.org |
-----------------------------------------------------------------
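
The exposure described in the message above (packaged CGIs becoming web accessible as soon as they are installed) can be audited with a short script. This is an added example, not part of the original message; the function names, the scratch tree and `site.conf` are constructed for illustration, and filtering on the owner-execute bit is this example's choice.

```shell
#!/bin/sh
# Added example: which executables does an Apache-style ScriptAlias expose?

# Print "urlpath directory" for every active (uncommented) ScriptAlias line.
scriptalias_dirs() {
    awk 'tolower($1) == "scriptalias" && NF >= 3 {
             gsub(/"/, "", $2); gsub(/"/, "", $3); print $2, $3
         }' "$@"
}

# exposed_cgis ROOT CONF...: print the URL path of each executable file that
# is reachable through a ScriptAlias. ROOT is prepended to the directory so
# the audit can run against a chroot or an unpacked package tree.
exposed_cgis() {
    root=$1; shift
    scriptalias_dirs "$@" | while read -r url dir; do
        dir=${dir%/}
        [ -d "$root$dir" ] || continue
        find "$root$dir" -type f -perm -100 | sort | while read -r f; do
            printf '%s%s\n' "${url%/}" "${f#"$root$dir"}"
        done
    done
}

# Constructed sample: a scratch root holding one packaged CGI, one
# non-executable file, and a config fragment (all made up for this example).
make_sample() {
    s=$(mktemp -d)
    mkdir -p "$s/usr/lib/cgi-bin/bugzilla" "$s/etc"
    printf '#!/bin/sh\n' > "$s/usr/lib/cgi-bin/bugzilla/index.cgi"
    printf 'notes\n' > "$s/usr/lib/cgi-bin/bugzilla/README"
    chmod 755 "$s/usr/lib/cgi-bin/bugzilla/index.cgi"
    printf '%s\n' '# ScriptAlias /old/ /srv/old/' \
        'ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/' > "$s/etc/site.conf"
    echo "$s"
}

# Run with --demo to audit the constructed sample.
if [ "${1:-}" = "--demo" ]; then
    s=$(make_sample); exposed_cgis "$s" "$s/etc/site.conf"; rm -rf "$s"
fi
```

On a real host, pass `/` (or an empty string) as ROOT and the web server's own configuration files; an empty result means no ScriptAlias currently maps executables into URL space.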

