proposed change to reprepro HOWTO

To: debian-derivatives@lists.debian.org
Subject: proposed change to reprepro HOWTO
From: nick black <nick.black@sprezzatech.com>
Date: Tue, 1 May 2012 09:04:58 -0400
Message-id: <[🔎] 20120501130457.GA9429@qemfd.net>
Mail-followup-to: debian-derivatives@lists.debian.org

howdy!

in my opinion, the howto at
http://wiki.debian.org/SettingUpSignedAptRepositoryWithReprepro could be
improved, but i wanted to ask around before doing so.

currently, it recommends adding the stanzas

<Directory "/var/www/repos/apt/*/db/">
        Order allow,deny
        Deny from all
</Directory>

<Directory "/var/www/repos/apt/*/conf/">
        Order allow,deny
        Deny from all
</Directory>

<Directory "/var/www/repos/apt/*/incoming/">
        Order allow,deny
        Deny from all
</Directory>

to one's apache configuration. it seems that the same effect can (in
non-pedantic cases) be had using the UNIX permissions model (by removing the
world- and group-executable bits for these directories). this has two
advantages:

 (1) fewer apache overhead
 (2) the directions work for webservers other than apache

the only issue would be if remote agents ever need fetch from within conf/,
db/ or incoming/, but both my experimentation and the documentation suggest
otherwise.

--nick

-- 
                                    nick black <nickblack@linux.com>
                 http://www.sprezzatech.com -- unix and hpc consulting
  to make an apple pie from scratch, you need first invent a universe.

Reply to:

Follow-Ups:
- Re: proposed change to reprepro HOWTO
  - From: Ansgar Burchardt <ansgar@debian.org>

Prev by Date: Re: DEX (Re: derivatives front desk status check)
Next by Date: Re: Debian derivatives census: welcome SprezzOS
Previous by thread: Re: DEX (Re: derivatives front desk status check)
Next by thread: Re: proposed change to reprepro HOWTO
Index(es):
- Date
- Thread