This one time, at band camp, sean finney said: > hi, > > On Wed, May 03, 2006 at 03:02:49PM +0200, Alexis Sukrieh wrote: > > W: bugzilla: file-in-usr-lib-cgi-bin usr/lib/cgi-bin/bugzilla/ > > N: > > N: Packages shipping web server CGI files should install them in > > N: /usr/lib/cgi-lib, not in /usr/lib/cgi-bin. This is done to avoid > > N: conflicts with the cgi-bin script alias, which is reserved for the > > N: local use of webmasters. Web servers should include /cgi-lib/ as a > > N: standard ScriptAlias pointing to that directory. > > this is a surprising change. guess that's what i get for not being > subscribed to -policy :) > > first, i don't really see what the merit is of moving files from > /usr/lib/cgi-bin to /usr/lib/cgi-lib. This is, IMHO, a very awkward, to say the least, change. There are currently at a rough guess: steve@gashuffer:~$ apt-file search cgi-bin | awk -F: '{print $1}' | sort -u | wc -l 135 more than a few packages using cgi-bin. Most of the httpds Debian ships are not trivially modifiable (no run parts directories like the apaches). And the benefit is, what? Web developers can write unhindered to /usr/lib? Sorry? It seems that more and more 'cgi' programs are moving away from using cgi-bin anyway, and that as time goes on, this will be a non-issue. I know that certainly as a policy decision at most sites I administer, I disable direct access to /usr/lib/cgi-bin, precisely because I don't like newly installed but unconfigured packages being web accessable. So, we now have 135 RC bugs, plus one more for each noncompliant httpd. Oh, well. -- ----------------------------------------------------------------- | ,''`. Stephen Gran | | : :' : sgran@debian.org | | `. `' Debian user, admin, and developer | | `- http://www.debian.org | -----------------------------------------------------------------
Attachment:
signature.asc
Description: Digital signature