[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: release critical bug in apache2.2?

On Thu, Nov 02, 2006 at 08:16:46PM +0100, sean finney <seanius@debian.org> wrote:
> On Thu, 2006-11-02 at 19:20 +0100, Mike Hommey wrote:
> > Auto-indexes are enabled only in /var/www/apache2-default and
> > /usr/share/apache2/icons by default, so it is not likely to leak any
> > unexpected file list.
> > 
> > So no, that doesn't grant an RC bug for these reasons.
> > 
> > On the other hand, it breaks configurations that used to work... (sites
> > relying on this index.php setting will get 403 errors after upgrade from
> > 2.0)
> 
> i imagine the apache maintainers will argue that it should be either (a)
> the webapp package or (b) the php apache module's repsonsibility
> to specify the additional DirectoryIndex.

Yes, that would be a good idea.

> iirc DirectoryIndex does/can append to the list of index files, right?

Yes, it does

> if so i'd have no problem slipping this into the php/apache module
> configuration files if that's the agreed course of action.  but whether
> or not this makes it to etch is an open question.

What is sure is that we should not break existing configurations on
upgrade.

Mike
Reply to: