
[RFR] templates://haserl/{haserl.templates}



Please find, for review, the debconf templates and package descriptions for the haserl source package.

This review will last from Thursday, July 21, 2011 to Sunday, July 31, 2011.

Please send reviews as unified diffs (diff -u) against the original
files. Comments about your proposed changes will be appreciated.

Your review should be sent as an answer to this mail.

When appropriate, I will send intermediate requests for review, with
"[RFRn]" (n>=2) as a subject tag.

When we reach a consensus, I will send a "Last Chance For
Comments" mail with "[LCFC]" as a subject tag.

Finally, the reviewed templates will be sent to the package maintainer
as a bug report, and a mail will be sent to this list with "[BTS]" as
a subject tag.

Rationale:
--- haserl.old/debian/haserl.templates	2011-07-16 21:14:32.783410052 +0200
+++ haserl/debian/haserl.templates	2011-07-21 11:14:41.960383451 +0200
@@ -5,5 +5,5 @@
  When haserl is installed with suid root permissions, it will automatically set
  its UID and GID to that of the owner and group of the script.
  .
- WARNING: This is a potential security vulnerability, as scripts that are owned
+ This is a potential security vulnerability, as scripts that are owned
  by root will be run as root, even when they do not have the suid root bit.
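
Review bot: With "WARNING:" dropped, the changed line now opens with a bare "This" whose referent (installing haserl suid root) sits in the previous paragraph, so the risk statement is easier to skim past. Consider naming the subject, e.g. "Installing haserl suid root is a potential security vulnerability, as scripts that are owned by root will be run as root". In the same sentence, "even when they do not have the suid root bit" would read better as "even when they do not have the suid bit set", and in the context line above, "to that of the owner and group" should be "to those of the owner and group", since it refers to both the UID and the GID.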

Very few proposed changes, indeed..:-)

I just suggest removing this yelling WARNING. It is generally
discouraged to use such overly invasive warnings.


--- haserl.old/debian/control	2011-07-16 21:14:32.783410052 +0200
+++ haserl/debian/control	2011-07-21 11:15:57.462460577 +0200
@@ -17,14 +17,14 @@
 Depends: ${shlibs:Depends}, ${misc:Depends}
 Recommends: lua5.1
 Description: CGI scripting program for embedded environments
- Haserl is a small cgi wrapper that allows "PHP" style cgi programming, but uses
+ Haserl is a small CGI wrapper that allows PHP-style CGI programming, but uses
  a UNIX bash-like shell or Lua as the programming language. It is very small, so
  it can be used in embedded environments, or where something like PHP is too
  big.
  .
- It combines three features into a small cgi engine:
+ It combines three features into a small CGI engine:
   * It parses POST and GET requests, placing form-elements as name=value
-    pairs into the environment for the CGI script to use.  This is somewhat like
+    pairs into the environment for the CGI script to use. This is somewhat like
     the uncgi wrapper.
   * It opens a shell, and translates all text into printable statements. All
     text within <% ... %> constructs are passed verbatim to the shell. This is
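
Review bot: The context lines at the end of this hunk still carry wording problems that this pass could fix: "All text within <% ... %> constructs are passed verbatim" has a subject-verb mismatch and should read "is passed verbatim", and "form-elements" in the first bullet does not need the hyphen ("form elements"). Since the change standardizes on "CGI", it is also worth stating in the rationale that "uncgi" stays lowercase because it is a program name, so a later reviewer does not capitalize it.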

Standardize on capitalization of CGI

Use "PHP-style".

On the other hand, I have to admit that I don't have any inspiration..:-)


-- 


Template: haserl/setuid
Type: boolean
Default: false
_Description: Install haserl binary with suid root permissions?
 When haserl is installed with suid root permissions, it will automatically set
 its UID and GID to that of the owner and group of the script.
 .
 This is a potential security vulnerability, as scripts that are owned
 by root will be run as root, even when they do not have the suid root bit.
--- haserl.old/debian/haserl.templates	2011-07-16 21:14:32.783410052 +0200
+++ haserl/debian/haserl.templates	2011-07-21 11:14:41.960383451 +0200
@@ -5,5 +5,5 @@
  When haserl is installed with suid root permissions, it will automatically set
  its UID and GID to that of the owner and group of the script.
  .
- WARNING: This is a potential security vulnerability, as scripts that are owned
+ This is a potential security vulnerability, as scripts that are owned
  by root will be run as root, even when they do not have the suid root bit.
--- haserl.old/debian/control	2011-07-16 21:14:32.783410052 +0200
+++ haserl/debian/control	2011-07-21 11:15:57.462460577 +0200
@@ -17,14 +17,14 @@
 Depends: ${shlibs:Depends}, ${misc:Depends}
 Recommends: lua5.1
 Description: CGI scripting program for embedded environments
- Haserl is a small cgi wrapper that allows "PHP" style cgi programming, but uses
+ Haserl is a small CGI wrapper that allows PHP-style CGI programming, but uses
  a UNIX bash-like shell or Lua as the programming language. It is very small, so
  it can be used in embedded environments, or where something like PHP is too
  big.
  .
- It combines three features into a small cgi engine:
+ It combines three features into a small CGI engine:
   * It parses POST and GET requests, placing form-elements as name=value
-    pairs into the environment for the CGI script to use.  This is somewhat like
+    pairs into the environment for the CGI script to use. This is somewhat like
     the uncgi wrapper.
   * It opens a shell, and translates all text into printable statements. All
     text within <% ... %> constructs are passed verbatim to the shell. This is
Source: haserl
Section: interpreters
Priority: optional
Maintainer: Chow Loong Jin <hyperair@ubuntu.com>
Build-Depends: debhelper (>= 7.0.50~),
               po-debconf,
               autotools-dev,
               liblua5.1-0-dev,
               pkg-config
Standards-Version: 3.9.1
Homepage: http://haserl.sourceforge.net/
Vcs-Git: git://git.debian.org/collab-maint/haserl.git
Vcs-Browser: http://git.debian.org/?p=collab-maint/haserl.git;a=summary

Package: haserl
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}
Recommends: lua5.1
Description: CGI scripting program for embedded environments
 Haserl is a small CGI wrapper that allows PHP-style CGI programming, but uses
 a UNIX bash-like shell or Lua as the programming language. It is very small, so
 it can be used in embedded environments, or where something like PHP is too
 big.
 .
 It combines three features into a small CGI engine:
  * It parses POST and GET requests, placing form-elements as name=value
    pairs into the environment for the CGI script to use. This is somewhat like
    the uncgi wrapper.
  * It opens a shell, and translates all text into printable statements. All
    text within <% ... %> constructs are passed verbatim to the shell. This is
    somewhat similar to how PHP scripts are parsed.
  * It can optionally be installed to drop its permissions to the owner of the
    script, giving it some of the security features of suexec or cgiwrapper.
