Bug#715804: Debian policy for web apps still references /doc as accessible

[Charles Plessy <plessy@debian.org>]

tag 715804 patch
thanks

Le Thu, Jul 11, 2013 at 08:06:33AM +0900, Charles Plessy a écrit :
> Le Thu, Jul 11, 2013 at 01:24:45AM +0800, Thomas Goirand a écrit :
> > 
> > The Debian policy for web apps still references /doc as accessible
> > through the web (see point 3 of chapter 11.5), though it has been removed
> > for security reasons. The policy should be updated.
 
> if the webservers that we distribute have dropped that functionality
> (can you confirm that it is not just apache2 ?), then I also support adjusting
> the Policy accordingly.

I contacted the maintainers of packages which provide 'httpd' and got two
answers, that this feature is not enabled in the uwsgi package and that it is
being removed from the nginx package.  I then realised that I dropped by
mistake the maintainers of the lighttpd package, in which I see that it
contains a snippet that implements the feature, but apparently not by default.

On my side, I think that the current practice is not to serve /doc by default,
and I therefore second the proposition of Thomas to remove point 2 of chapter
11.5.

Are there other seconds or objections ?

Cheers,

-- 
Charles Plessy
Tsurumi, Kanagawa, Japan