Bug#977014: apache2-doc: please do not enable apache2-doc site (or even better: remove it at all)

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#977014: apache2-doc: please do not enable apache2-doc site (or even better: remove it at all)
From: Christoph Anton Mitterer <calestyo@scientia.net>
Date: Thu, 10 Dec 2020 03:43:55 +0100
Message-id: <[🔎] 160756823595.78490.9081632066990720140.reportbug@heisenberg.scientia.net>
Reply-to: Christoph Anton Mitterer <calestyo@scientia.net>, 977014@bugs.debian.org

Package: apache2-doc
Version: 2.4.46-2
Severity: wishlist


Hi.

I'd like to propose not to enable the apache2-doc "site" or
even better completely remove it's config or move it to some location
in /u/s/d/apache2/examples/ .

Why?

First, there is typically never every any reason to actually host it.
People who really want this online and not just locally available (where it's
"more secure") can always just use https://httpd.apache.org/docs/ .
And any admin who wants to have access to the very specific version for
his current package, can just use the local files.

The current config places a pretty generic alias, "/manual", into the main
server, which will be active in any vhost, unless specifically overridden.
Absolutely no reason to do this, and in fact it's even like that this
could disturb other content being served.

There's a long standing history of needlessly automatically enabled stuff
causing security issues (e.g. mod_status).
The same principle applies here: why enabling something without any need?


Cheers,
Chris.

Reply to:

Prev by Date: Control del vehículo
Next by Date: Perl Users Info.
Previous by thread: Bug#976878: apr-util FTCBFS: uses mysql_config
Next by thread: Perl Users Info.
Index(es):
- Date
- Thread