
Re: Policy 3.7.0 - /usr/lib/cgi-{bin|lib}



hey joey,

On Wed, May 03, 2006 at 02:51:50PM -0400, Joey Hess wrote:
> AFAIK apache2 is the only web server package that allows scriptaliases
> to be added to it in a policy conformant way (by dropping config file
> snippets into /etc/apache2/conf.d/). Other web servers that support
> scriptalias, like boa, centralise it all in a single conffile, which
> other packages are not allowed to edit. That's why I said that there
> being more web servers than apache2 in Debian is a problem.

aha.  i wasn't worrying about it too much from the "configuring the
web server" aspect of things.  but imho such an ability should
be provided by the httpds if the feature is desired.  

furthermore, i'm wary of binaries belonging to potentially
unconfigured webapps being generally accessible for execution (which is
a problem with the current setup as well).

> > with this approach, the admin is free to do whatever he/she wishes with
> > the cgi-bin directory (place files, symlink to directories provided
> > by debian packages, etc), without interference from debian packages.
> > there is also a clear distinction of domain between the local admin
> > and the debian package management system, which is generally a good
> > thing and something we seem to like doing in debian.  
> 
> Of course using /cgi-lib/ for debian's cgis and /cgi-bin/ for the admin
> also draws a similarly clear distinction, although the naming of
> /cgi-lib/ could be clearer (as was mentioned in the policy proposal).

but this doesn't actually require that files be moved around to
accomplish this, and further i'd still say that it's conceptually buggy
to have the admin messing around with files in /usr/lib.  you could
equivalently accomplish the desire of the current amendment by
scriptaliasing /cgi-lib to /usr/lib/cgi-bin and /cgi-bin to
somewhere more sensible.  but i'd still disagree with this being
the right way to do it.



	sean


-- 
