Re: Uploaded faqomatic 2.506-2 (source all) to master

To: debian-devel@lists.debian.org
Subject: Re: Uploaded faqomatic 2.506-2 (source all) to master
From: Richard Roberto <robertr@nwmarkets.co.jp>
Date: Thu, 12 Feb 1998 12:16:39 +0900 (JST)
Message-id: <[🔎] Pine.SOL.3.96.980212120238.4959B-100000@toksup6143>
Reply-to: robertor@typhoon.co.jp


On Tue, 10 Feb 1998, Christian Schwarz wrote:

> On Tue, 10 Feb 1998, Scott Ellis wrote:
> 
> > On Tue, 10 Feb 1998, Christian Schwarz wrote:
> > 
> > > On Tue, 10 Feb 1998 scott@debian.org wrote:
> > > 
> > > [snip]
> > > >  faqomatic (2.506-2) unstable; urgency=low
> > > >  .
> > > >    * Rebuild with new debhelper to make lintian happier.
> > > >      Lintian will still complain about /usr/lib/cgi-bin/fom, but I
> > > >      have no intention of moving the file, since it needs to be
> > > >      there for apache to work, since apache won't follow symlinks.
> > > 
> > > I guess you are referring to the message 
> > >   E: faqomatic: file-in-usr-marked-as-conffile /usr/lib/cgi-bin/fom
> > > with that.
> > > 
> > > However, it's not good to have conffiles below /usr since /usr might be
> > > mounted read-only. Is there really not better solution?
> > 
> > Well, it isn't exactly a conffile that way.  It only needs changed if the
> > user wants to modify where faqomatic stores its data.  fom is a small perl
> > stub that calls perl libraries to do most of the work.  Moving it out of
> > /usr/lib/cgi-bin will break any setup that doesn't allow apache to follow
> > symlinks from cgi-bin.  I made it a conffile for the few people who might
> > want to modify it, but it isn't likely to fall under the frequent
> > modification as some conffiles in /etc
> 
> Well, if fom is just a Perl script than I suggest moving the variable code
> (e.g., variables) into a conffile /etc/fomrc (or similar) and include this
> file within fom with "require '/etc/fomrc';" Does this solve the problem?
> 
> 
fom is already a small stub.  Making it a much larger, more complex
script just to meet an esoteric "conf file" policy seems rediculous.
Besides it needing to untaint any external data, it may also need to
run a different binary, depending on if you use a standard perl
binary or the debian method.  This is for people who want (or need)
to run the script setid (or run a setid embedded interpreter).  Am I
off base on this?

Perhaps the script isn't what needs tweaking, but rather the policy?

There are numerous scripts on my system in the /usr hierarchy.  As
system administrator, I reserve the right to modify any one of them.
Does that also break debian policy?  What I mean is, should all
scripts be listed as conf files?  I think this is an old discussion.
It would be better if we had a separate "script" tag.  If there are
security implications for any part of this discussion, then I think
we need Ian's input.

In any case, it would be better to leave fom the way it is, unless
the upstream author agrees to change it.  He's a pretty agreeable
guy, so maybe someone should ask for his input on it.

Cheers,

Richard


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to:

Follow-Ups:
- Re: Uploaded faqomatic 2.506-2 (source all) to master
  - From: Christian Schwarz <schwarz@monet.m.isar.de>
- Re: Uploaded faqomatic 2.506-2 (source all) to master
  - From: Manoj Srivastava <srivasta@datasync.com>

Prev by Date: Re: Uploaded faqomatic 2.506-2 (source all) to master
Next by Date: Re: Removing /usr/lib/sendmail
Previous by thread: Re: Uploaded faqomatic 2.506-2 (source all) to master
Next by thread: Re: Uploaded faqomatic 2.506-2 (source all) to master
Index(es):
- Date
- Thread