proposed change to reprepro HOWTO
howdy!
in my opinion, the howto at
http://wiki.debian.org/SettingUpSignedAptRepositoryWithReprepro could be
improved, but i wanted to ask around before doing so.
currently, it recommends adding the stanzas
<Directory "/var/www/repos/apt/*/db/">
Order allow,deny
Deny from all
</Directory>
<Directory "/var/www/repos/apt/*/conf/">
Order allow,deny
Deny from all
</Directory>
<Directory "/var/www/repos/apt/*/incoming/">
Order allow,deny
Deny from all
</Directory>
to one's apache configuration. it seems that the same effect can (in
non-pedantic cases) be had using the UNIX permissions model (by removing the
world- and group-executable bits for these directories). this has two
advantages:
(1) fewer apache overhead
(2) the directions work for webservers other than apache
the only issue would be if remote agents ever need fetch from within conf/,
db/ or incoming/, but both my experimentation and the documentation suggest
otherwise.
--nick
--
nick black <nickblack@linux.com>
http://www.sprezzatech.com -- unix and hpc consulting
to make an apple pie from scratch, you need first invent a universe.
Reply to: