Re: jessie release goals

To: debian-devel@lists.debian.org
Subject: Re: jessie release goals
From: Thomas Goirand <zigo@debian.org>
Date: Mon, 06 May 2013 23:33:51 +0800
Message-id: <[🔎] 5187CD5F.2010504@debian.org>
In-reply-to: <[🔎] 1367846146.7764.8.camel@heisenberg.scientia.net>
References: <[🔎] 5187A6F5.2080009@debian.org> <[🔎] 1367846146.7764.8.camel@heisenberg.scientia.net>

On 05/06/2013 09:15 PM, Christoph Anton Mitterer wrote:
> Hey.
>
> I would like to see the following with respect to PHP and all packages
> using PHP:
> 1) We should try to educate users not to use mod_php. From a security
> POV it's rather problematic, as it runs in server context. And for
> people really needing the performance, FPM should be an equally good
> solution.
There's not only FPM as a solution. I maintain SBOX to do chroot, and
I use it together with aufs to maintain chroot templates. I also currently
maintain my own version of Apache with a patch to backport the
AllowOverrideList feature of Apache 2.4 in the (old)stable Debian, so
that a hacker can't write in a .htaccess to hook the Options / AddHandler
thing and by-pass my cgi-wrapper.

So yeah, maintainers shouldn't assume mod_php. But please do not
assume FPM either!

By the way, using FPM + SBOX should be a quite nice thing, which I need
to investigate.

Thomas

Reply to:

References:
- jessie release goals
  - From: Andreas Beckmann <anbe@debian.org>
- Re: jessie release goals
  - From: Christoph Anton Mitterer <calestyo@scientia.net>

Prev by Date: Re: Proposal: a team maintaining packages managing media types (MIME).
Next by Date: Re: Bug:#700917: desktop-file-utils: call for (co-)maintainership [ITA]
Previous by thread: Re: jessie release goals
Next by thread: Re: jessie release goals
Index(es):
- Date
- Thread