sean finney wrote:
> this is a surprising change. guess that's what i get for not being
> subscribed to -policy :)
Not really, it was last discussed on -policy in 2003, so being
subscribed wouldn't have helped, I'm as suprised as you are.
> but i'm still grappling to understand the rationale behind why this
> is a desirable thing. if the desire is to provide a way for the
> local admin and packages to be able to share a script aliased directory,
> i would argue this is entirely the wrong way about it. i'd be happy to
> elaborate further.
The rationalle is explained in #32263, though the logs are
long. Here's the essence of it:
> On Thu, Nov 02, 2000 at 09:16:02AM -0500, Brian White wrote:
> > -----
> > Most people setting up a web site expect /cgi-bin/ to be available for
> > scripts on their site. Unfortunately, Debian uses this for those scripts
> > packages that get installed. These two need to be independant.
> >
> > As such, Debian's system needs to be altered a bit. I recommend using
> > instead the name "/cgi-lib/" for scripts under /usr/lib/cgi-bin/. This
> > will keep both features independant and not affect the general use of
> > the system.
Why this change was accepted into policy in 2006 when the last message
about it was back in 2003, I have no clue. All that seems to have
changed in between is the slight support for it that existed in 2003
bitrotting away.
Despite the "policy documents existing practice" mantra, and despite
indications in the bug log that bugs were being filed and web servers
being updated in 2003 to support the cgi-lib scriptalias, as of now I
can't find any web servers that actually support it or packages that use
it:
- apache2, the most used web server in Debian, doesn't support cgi-lib.
Of course, apache2 was not in as wide use in 2003.
- apache contains no references to cgi-lib and seems to not support it
either.
- boa, despite having a changelog entry about supporting cgi-lib in the
default config, and despite including the empty directory in the deb,
doesn't actually support it by default.
- I can't find a single file shipped in /usr/lib/cgi-lib in all of
Debian.
- Some bugs that mention the directory, possibly not complete, but
probably most of them:
#167509 (cern-httpd; bug was closed when it was removed from debian)
#167510 (aolserver; bug was fixed, but package is no longer in etch)
#167511 (boa; badly fixed as mentioned above)
#167512 (roxen; bug was fixed, although possibly not in the way
policy intended, based on changelog, but package no longer
in debian)
#167513 (apache; tagged wontfix since 2003)
To all indications, shipping any cgis in cgi-lib is premature and so was
the acceptance of this policy amendment.
> i would argue that /usr/lib/cgi-foo is an outdated approach anyway, and
> that most applications ought to be scriptaliasing /package/cgi-bin
> or /cgi-bin/package to somewhere under /usr/lib/package (this would in
> fact be another use for the non-existant libexec dir...). but that's
> just my $0.02.
Debian still has web servers other than apache2 in it, so that seems
difficult to do.
--
see shy jo
Attachment:
signature.asc
Description: Digital signature