[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Policy change about `/usr/lib/cgi-bin' - Mass bug filing pending...



Alexis Sukrieh wrote:
> As you might have noticed, the last policy version (3.7.0) says that
> web application packages must not put CGIs under `/usr/lib/cgi-bin'
> anymore:
> 
> Quoting lintian:
> 
>     This is done to avoid conflicts with the cgi-bin script alias,
>     which is reserved for the local use of webmasters.
> 
> CGIs must be put under /usr/lib/cgi-lib now.

As I posted to -policy, this seems to have been mis-handled: A few bug
reports were filed on some web servers back in 2003 to make them support
/usr/lib/cgi-lib. Even fewer web servers were so updated. All of those
later reverted the patch or were removed from Debian. Three years later,
the amendment was put into policy for no apparent reason (ie, why accept
it in 2006, instead of 2005, 2004, or 2003?). I'm aware of no web servers
or packages in debian that support or use /usr/lib/cgi-lib now.

> I won't discuss here the goodwill of this change, I just want to
> point out that by now, 110 packages are RC bug candidates because of
> this [2] (422 files installed inder `/usr/lib/cgi-bin').

Policy uses a "should" for this, so at most these would be regular
severity bugs, not RC bugs. Also, your list is incomplete since it
doesn't include web servers needing to implement support for the
directory first, which policy or no policy, is a prerequisite for any
package to use this directory. Packages changed to /usr/lib/cgi-lib
before web servers support it could be considered RC buggy, since
they'll no longer *work*.

The original transition plan for this was broadly, to fix all the web
servers to support /usr/lib/cgi-lib while still supporting
/usr/lib/cgi-bin, then to move the cgi programs, and then presumably to
let the admin do whatever they like with /cgi-bin/ after that.

-- 
see shy jo

Attachment: signature.asc
Description: Digital signature


Reply to: