[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#32263: Unexpected use of /cgi-bin/

> I don't see this pertaining to cgi's. With the /usr/local convention it
> doesn't require any extra effort to use the programs (just add
> /usr/local/bin to PATH) but with a cgi-bin/cgi-lib seperation you will
> have to make two distinct calls to different URL's in order to call Debian
> cgi's and locally installed cgi's.

There are still problems.  If we assume that the local admin is not
putting his personal cgi scripts in /usr/lib/cgi-bin, then in order
to his scripts to work, he must either

 1) go against popular convention and create some new /cgi-local/ ScriptAlias
 2) move /cgi-bin/ to point to /home/www/cgi-bin/ and make symlinks
 3) add a "local" symlink under /usr/lib/cgi-bin to point to /home/www/cgi-bin

Both of these choices are bad.

 1) people like things in standard places -- web standard is /cgi-bin/
 2) package installs or removals don't update these links
 3) administrators have to hack to get what should come naturally


If apache and other web servers were to ScriptAlias /cgi-lib/ and
/cgi-bin/ seperately, the they could be enabled/disabled independantly
and without having to worry about installations, removals, config
updates, and other automated processes.


> On top of that, switching our cgi programs will break _a lot_ of ppl's
> systems. Can you imagine the unwary admin who upgrades to this system on a
> production webserver only to have php3-cgi move on him and severely break
> the system?

I really doubt that it will break "a lot" of systems...

What will break most is packages that use /usr/lib/cgi-bin, and they can
be fixed before the next release of Debian so as to make the entire
transition appear seamless.

Serious web hosts have probably already changed /cgi-bin/ to point to the
correct place, thus abandoning the Debian scripts.  These people will not
be affected since we're only changing our system to match what they've
already done.

People who added another ScriptAlias are unlikely to have chosen /cgi-lib/.
These people will not be affected as we won't be changing their configuration,
though we may add a second ScriptAlias to /home/www/cgi-bin -- no harm done.

People that have kludged their system by adding a "local" symlink to
/usr/lib/cgi-bin -> /home/www/cgi-bin (thus accessing local scripts
as /cgi-bin/local/) will be affected, but it was a hack when it was
installed and so is unlikely to be hard-coded in many places.

I'd say only a small percentage of webmasters fall under this last case and
thus would be affected in any negative way.

                                          Brian
                                  ( bcwhite@pobox.com )

-------------------------------------------------------------------------------
      Management should work for the engineers, not the other way around.
Reply to: